After  Ebbers'  sentence 

Has  enough  been  done  to  lessen  the 
chances  of  another  WorldCom? 

Experts  say  yes.  PAGE  9.  Bernie  Ebbers 


Appliance  world 

Special-purpose,  hardened  appliances  that  handle  res¬ 
olution  for  key  Internet  protocols  are  making  their 
way  into  corporate  networks.  PAGE  26. 


IT  intelligence 

Despite  the  consolidation  of  IT  research  firms,  a  prepon¬ 
derance  of  information  on  the  ’Net  and  the  rise  of  niche 
analysis  firms  give  buyers  an  array  of  options.  PAGE  42. 
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.  if  you’re  a  lawyer 
racking  up  hours 
on  closing  deals. 

BY  CAROLYN  DUFFY  MARSAN 

Crowell  &  Moring,  a  law 

firm  that  represents  £*? 

SBC  in  its  merger  with 
AT&T,  is  racking  up  huge  bill- 
able  hours  this  summer. The 
firm  has  hundreds  of  contract 
lawyers  working  in  temporary 
office  space  in  Washington, 

D.C.,  reviewing  more  than  1 
billion  documents  involved  in 
the  merger. 

Crowell  &  Moring  is  not  alone.  Across  Washington  and  New 
York,  law  firms  that  represent  telecom  carriers  are  experiencing 
a  surge  in  business  as  an  unprecedented  number  of  major  tele¬ 
com  mergers  churn  through  the  system. 

Dozens  of  law  firms  are  representing  carriers  involved  in  the 

See  Lawyer,  page  48 
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Cisco  covets 
anti-spam  role 


BY  PHIL  HOCHMUTH  AND  CARA  GARRETSON 

Cisco  appears  poised  to  initiate  more  action  in  the 
anti-spam  arena,  having  just  jumped  into  a  standards 
fray  where  the  industry’s  top  hardware  vendor  nor¬ 
mally  wouldn’t  be  found. 

“Since  all  this  [spam]  traffic  is  running  on  Cisco 
networks  in  large  part,  many  customers  often  ask, 
‘Why  can’t  Cisco  do  something  about  it?”’says  Sanjay 
Fbl, senior  vice  president  and  director  of  Cisco’s  Anti- 
Spam  Initiative. “The  less  trust  people  have  of  the  In¬ 
ternet,  the  worse  it  is  for  Cisco  and  our  customers.” 

Last  week,  Cisco  joined  Yahoo,  Sendmail  and  PGP 
Corp.  in  submitting  the  DomainKeys  Identified  Mail 
(DKIM)  specification  to  the  IETE  DKIM  results  from 
Cisco  and  Yahoo  merging  separate  e-mail  verification 
technologies  with  similar  attributes, which  both  com¬ 
panies  had  worked  on  for  more  than  a  year. 


DKIM  is  a  signature-based  e-mail  authentication 
proposal  meant  to  curb  unsolicited  commercial 
e-mail,  as  well  as  phishing  messages. While  the  Cisco/ 
Yahoo  anti-spam  move  is  getting  notice,  it  is  still  just 
another  in  a  litany  of  efforts  in  the  industry  to  stan¬ 
dardize  a  way  to  stop  unsolicited  e-mail. 

DKIM,  which  relies  on  cryptography  to  authenticate 
a  sender’s  identity  will  likely  follow  the  same  path  as 
the  Sender  ID  proposal  that  Microsoft  and  others 
submitted  to  the  IETF  last  year,  according  to  Paul 
Hoffman,  director  of  the  VPN  Consortium,  a  vendor- 
neutral  organization  that  promotes  the  development 
of  VPN  technology  Sender  ID  was  not  ratified  as  a 
standard  by  the  IETpas  was  hoped  by  its  proponents, 
but  given  “experimental  RFC”  status.  “That’s  exactly 
what’s  going  to  happen  to  DKIM. That’s  not  to  say 

See  Cisco,  page  14 


Investors  target  systems  management 


BY  DENISE  DUBIE 

Looking  to  offer  users  new  tools 
to  manage  complex  data  center 
technologies,  a  crop  of  network 
and  systems  management  start¬ 
ups  has  garnered  more  than  $100 
million  from  venture  capitalists 
this  year. 

Newcomers  are  devising  ways 


to  address  emerging  management 
challenges  such  as  Web  services, 
IP-based  applications  and  secur¬ 
ity  Start-ups  such  as  Covergence.a 
maker  of  applications  manage¬ 
ment  software  for  real-time  IP 
communications,  and  Vericept, 
which  provides  compliance  and 
content  control  technology,  this 


year  have  raked  in  $16  million 
and  $12.5  million  in  venture  capi¬ 
tal  funding,  respectively  Ground- 
Work,  which  built  its  IT  manage¬ 
ment  software  on  open  source 
technology  raised 
while  Splunk 
Technology  and 
Cittio,  also  pro¬ 
viding  IT  infra¬ 
structure-moni¬ 
toring  tools,  sep¬ 
arately  garnered 
$4  million  and  $3.5  million. 

Investments  in  network  compa¬ 
nies  might  not  be  on  par  with  pre- 
dot-com  spending  —  $10  billion 
was  invested  in  2004  (according 
to  a  PricewaterhouseCoopers’ 
See  Management,  page  12 


$11.5  million, 

|  Start-ups 
take  aim  at 
storage  and 
security  prod¬ 
ucts.  Pages  9 
and  10. 


Future-proof  your  network  by  making 
wise  infrastructure  investments  that 
will  serve  your  company  for 
the  long  haul. 
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YOU  MONEY  FOR  A  DAY.  BUT 

HOW  ABOUT 

A  DECADE? 


NOW  IS  THE  TIME  TO 

partner  with  Dell,  a  proven  leader  in 
designing  enterprise  solutions  that  add 
more  flexibility,  help  simplify  operations, 
and  scale  every  IT  dollar.  Everything  from 
PowerEdge  Server  technology  with  the 
performance  and  reliability  of  Intel® 
Xeon™  Processors,  to  complete  storage 
solutions  and  end-to-end  services  for 
planning,  implementing  and  managing 
your  data  center.  All  direct  from  one  place. 
Get  more  out  of  the  next  decade  and 
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9  Bernie  Ebbers’sentence  called  a  strong  deterrent. 

9  ConSentry  takes  aim  at  low-cost  security  offerings. 

10  Vendor  demonstration  shows  identity  management  specs  can  coexist. 
10  Storage  start-ups  look  to  solve  file,  data  management  issues. 

14  Sun  grows  open  source  offerings. 

17  Industry  group  looks  to  tackle  spyware. 

17  Tightening  video  integration  with  Microsoft  software. 


Net  Infrastructure 

19  Cisco  speaks  apps  language. 

19  Riverbed  keeps  remote  offices 

up. 

20  Kevin  Tolly:  AON:  An  ‘all  or 
nothing'  approach? 

Enterprise  Computing 

21  Wisconsin  city  finds  performance, 
savings  in  Linux. 

22  Start-up  Kashya  unveils 
continuous  data  protection  software. 

Application  Services 

23  Microsoft  tunes  SMB  licensing. 

23  HP  pumps  up  ID  management 
suite. 

24  Scott  Bradner:  Continuing 
deceptions. 

24  Microsoft  bolsters  auto  applica¬ 
tion  software. 

26  SPECIAL  FOCUS:  Appliances 
replace  DNS,  DHCP  software. 

Service  Providers 

27  Sprint  juggles  wireless,  wireline 
business  services. 

27  Netli  touts  faster  Web  services 
across  the  Internet. 


29  Johna  Till  Johnson:  Justice  is 
served  —  for  Ebbers  and  all  of  us. 

Technology  Update 

31  Classifying  packets  in  a  single 
pass, 

31  Steve  Blass:  Ask  Dr.  Internet. 

32  Mark  Gibbs:  Phone  fixes. 

32  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff, 

Opinions 

34  On  Technology;  SMB  tour  kicks 
off. 

35  Jeffrey  Kaplan:  Off-target 
offshore  outsourcing. 

35  Thomas  Nolle:  Does  open 
access  matter? 

50  BackSpin:  A  new  theory  with 
consequences. 

50  'Net  Buzz:  Are  online  opinion 
polls  worthless , . .  or  just  practi¬ 
cally  worthless. 

Management 

Strategies 

42  IT  intellect:  The  'Net  and 
niche  firms  give  IT  pros  ample 
options  for  market  research. 


■Protect  your  coinpiys  online  reputation  by  locking  down  DNS 
anti  guarding  against  domain  hijacking.  Page  39. 


Minding  the  Server  Gap 

Our  Clear  Choice  Test  of  QCD  Microsystems'  now  InterStructuros 
server  management  modules  show  they  are  an  effective  means  of 
controlling  both  Microsoft  and  Linux  servers  from  a  single  Windows 

pan  Page  40. 
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CLEAR  CHOICE 


COOLTOOLS 

The  Mio  269  is  on  the  right 
track  with  preloaded  maps 
and  navigation  features. 
Page  32. 
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Network  World  Radio/Podcast: 

Wainhouse's  WebMetrics  Web  con¬ 
ferencing  survey. 

This  week  were  joined  by  Alan 
Greenberg,  senior  analyst  and 
consultant  at  Wainhouse 
Research,  who  will  discuss 
Wainhouse's  quarterly  WebMetrics 
survey,  which  tracks  Web  confer¬ 
encing  usage  and  patterns. 
DocFinder:  8034 

Multimedia  Exchange 

Skype  and  Boingo  team: 

Multimedia  Editor  Jason  Meserve 
examines  the  new  Boingo  Wireless 
and  Skype  deal  that  will  allow 
Skype  users  to  make  wireless 
calls  from  any  of  18,000  Boingo 
hot  spots  around  the  globe 

Online  help  and  advice 

Nutter's  Help  Desk 

How  to  connect  a  nearby  building  to 
your  network:  Help  Desk  guru  Ron 
Nutter  helps  a  user  whose  company 
is  expanding  across  the  street  and 
needs  to  connect  its  data  and  phone 
nets.  DocFinder:  8039 

Home  Base 

Reader  tidbits 

Readers  write  home-based  business 

Seminars  and  events 


for  S8  per  month. 

DocFinder:  8035 

Cool  Tools  Daily  Dose 

Keith  Shaw  looks  at  a  USB  Wi-Fi 
adapter  for  S40,  Optoma's  dual  DVD 
player/projector,  HP's  new  printing 
technology  and  more. 

DocFinder:  8036 

Forum:  The  end  of  firewalls? 

Readers  react  to  our  story  on 
The  Jericho  Forum,  a  group  that 
argues  that  firewalls  hinder  appli¬ 
cations  such  as  e-commerce  and 
should  not  be  used.  Are  firewalls 
necessary  anymore  or  is  there  a 
better  way?  Add  your  thoughts. 
DocFinder:  8037 


columnist  Sandra  Gittlen  on  prepar¬ 
ing  for  power  outages,  organizing 
work  projects,  doing  your  taxes  and 
more.  DocFinder:  8040 

Telework  Beat 

IT  execs  talk  telework,  Part  2  of  2 

Ann  Bednarz  talks  to  IT  pros  to  see 
how  telework  fits  into  their  work 
schedules, 

DocFinder:  8041 


IT  Strategies  for  Small  to  Mid-sized  Businesses:  A  Practical  Blueprint  for 

Smart  Growth 

This  new  Technology  Tour  Event  and  Expo  is  packed  with  the  practical  guid¬ 
ance  you  need  to  create  an  IT  strategy  that  saves  wasted  expenditures  and 
your  sanity.  Invest  six  hours  that  could  put  tens  of  thousands  of  dollars  hack 
to  work  elsewhere  in  your  business.  Want  in?  Qualify  and  you  can  attend 
free.  DocFinder:  8043 


BREAKING  NEWS 

Go  online  for  breaking  news  everyday.  DocFinder  1001 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  1002 
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We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 
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Venerable  VC  firm  hires  Colin  Powell 

M  Silicon  Valley  stalwart  Kleiner  Perkins  Caufield  &  Byers  last  week 
announced  that  former  Secretary  of  State  Colin  Powell  has  joined  the 
venture  capital  firm  as  a  strategic  limited  partner.  Powell,  whose  expe¬ 
rience  in  the  business  world  includes  a  stint  on  AOL’s  board  of 
directors,  is  particularly  interested  in  helping  companies  in  the 
areas  of  communications,  security,  energy  independence  and 
healthcare,  according  to  a  Kleiner  Perkins  statement.The  68-year- 
old  retired  four-star  general  will  work  for  the  firm  in  a  part-time 
capacity.  Kleiner  Perkins  is  more  than  30  years  old  and  has  funded 


TheGoodTheBadTheUgly 

Try,  try  again.  The  newly  formed  Anti-Spyware  Coalition  is 
hoping  to  succeed  where  a  previous  organization  failed  in  tackling  the 
problem  of  spyware.  The  Consortium  of  Anti-Spyware 
Technology  Vendors,  initially  drawn  from  the  security  soft¬ 
ware  vendor  community,  fell  apart  in  February  after  a 
failed  16-month  effort  to  coordinate  its  members'  con¬ 
flicting  goals.  The  new  group  has  a  much  wider  mem¬ 
bership.  (See  full  story,  page  17.) 

<  Back  to  work.  The  average  employee 
wastes  just  more  than  two  hours  a  day  surfing  the 
Internet  at  work,  according  to  a  survey  conducted  by 
Salary.com  and  AOL,  with  almost  half  of  the  10,000 
polled  citing  such  goofing  off  as  their  primary  means 
of  wasting  time. 


SCOTT  MATTHEW 


technology  companies,  including  AOL,  Amazon,  Netscape,  Google, 
Compaq  and  Sun. 


Layoffs  may  come  this  week  at  HP 

■  HP  might  cut  thousands  of  jobs  this  week  in  the  first 
large-scale  restructuring  by  new  CEO  Mark  Hurd, 
according  to  published  reports.  Hurd,  who  took  the 
helm  at  HP  in  March  following  the  removal  of  Carly 
Fiorina,  has  said  he  would  take  steps  to  reduce  costs  at 
the  company  HP  plans  to  announce  the  restructuring 
Tuesday,  according  to  a  report  in  The  Wall  Street 
Journal,  which  cited  an  unnamed  source  familiar  with 
the  plans.The  Journal  was  unable  to  provide  details  of 
the  restructuring  and  said  the  timing  of  the  announce 
ment  might  change.  HP  did  not  comment.  Some  Wall 
Street  analysts  expect  5,000  to  25,000  employees  to  be 
laid  off,  according  to  the  report.The  company’s  enter¬ 
prise  computing  business,  which  has  not  done  as  well 
as  some  of  its  rivals,  appears  particularly  susceptible  to 
job  cuts,  the  paper  said. 

VeriSign  acquires  iDefense 

■  Looking  to  flesh  out  its  line  of  managed  security 
services  products,  VeriSign  has  snapped  up  network 
security  researcher  iDefense. The  $40  million  cash 
acquisition  was  completed  last  week.  IDefense,  in 
Reston.Va.,  provides  early-warning  assessment  of 
Internet  security  threats  to  a  select  group  of  govern¬ 
ment  and  very  large  enterprise  clients. VeriSign 
hopes  to  be  able  to  market  the  iDefense  research 
products  to  a  wider  audience,  while  at  the  same  time 
use  data  from  its  security  monitoring  operations  to 
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“A  sentence  of  anything  less 
would  not  reflect  the  serious¬ 
ness  of  this  crime.” 

Judge  Barbara  Jones,  who  last  week  sentenced  former 
WorldCom  CEO  Bernie  Ebbers  to  25  years  in  prison. 

bolster  the  iDefense  research. The  45-person  research 
company  will  retain  the  iDefense  name. VeriSign,  in 
Mountain  View,  Calif.,  has  no  plans  to  move  the 
iDefense  team  from  its  present  location. VeriSign’s 
managed  security  services  business  provides  man¬ 
aged  firewalls,  intrusion-detection  and  vulnerability 
alerting  under  the  VeriSign  Managed  Security 
Services  brand. 

Microsoft  infringed  AT&T  patent 

■  Microsoft  infringed  an  AT&T  patent  for  speech¬ 
coding  technology  in  its  distribution  of  a  master  ver¬ 
sion  of  the  Windows  operating  system  outside  of  the 
U.S.  for  replication  abroad,  the  U.S.  Court  of  Appeals 
for  the  Federal  Circuit  ruled  last  week,  concluding 
the  final  issue  remaining  from  a  2001  lawsuit. 
Microsoft  agreed  to  an  undisclosed  settlement  with 


“Now  where  is  that 
fireplace.gif  animation?” 


Robert  Robbins  of  Ladysmith,  Wis.,  is  Layer  8's  latest  Caption  King.  Check  back  every 
Monday  for  the  start  of  a  new  contest  www.networkworld.com/weblogs/layer8 


Pay  attention.  A  study  published  in  the  BMJ  medical  jour¬ 
nal  shows  that  drivers  who  talk  on  cell  phones  —  even  hands-free 
versions  —  are  four  times  more  likely  to  be  involved  in  serious  acci¬ 
dents  than  those  who  don't  phone  and  drive. 


AT&T  in  March  2004  in  the  case,  which  was  filed  in 
the  U.S.  District  Court  for  the  Southern  District  of 
New  York.  But  as  part  of  that  agreement,  the  software 
maker  was  given  the  right  to  appeal  liability  for 
patent  infringement. The  District  Court  ruled  that 
software  copies  made  from  a  master  version,  sent 
from  the  U.S.,are  not  shielded  from  patent  law,  which 
prohibits  circumvention  of  infringement  by  exporta¬ 
tion  of  products. 

Trend  Micro  says  bug  cost  it  $8M 

■  Anti-virus  software  vendor  Trend  Micro  last  week 
said  a  bug  in  its  software  that  affected  thousands  of 
customers  has  cost  the  company  $8  million. The  issue 
also  has  forced  the  company  to  lower  its  revenue 
and  profit  forecasts  for  the  April-to-June  quarter.  The 
affair  leading  to  the  profit  warning  began  on  April 
23  when  the  company  released  a  faulty  software- 
update  file  that  sucked  up  the  processing  power  of 
PCs  that  had  downloaded  it.  The  file  affected  mainly 
PCs  using  Windows  XP  with  Service  Pack  2  and  Trend 
Micro’s  OfficeScan  PC-cillin  Internet  Security  2005 
VirusBuster  software,  the  company  said. The  company 
quickly  set  up  a  call  center  to  field  inquiries,  and 
issued  updates  that  when  uploaded  automatically 
fixed  the  problem. 

OS/2  dies,  again  . . .  really 

■  While  death  notices  for  IBM’s  OS/2  operating  sys¬ 
tem  have  been  floated  before,  IBM  apparently  has 
made  it  more  permanent  this  time. The  company  last 
week  said  it  will  discontinue  OS/2  products  by  Dec.  23 
and  withdraw  standard  support  for  OS/2-related  prod¬ 
ucts  as  of  Dec.  31,  2006.  IBM  is  recommending  its 
remaining  OS/2  customers,  which  reportedly  number 
about  80,  move  on  to  Linux.  Introduced  in  1987,  OS/2 
struggled  against  Microsoft  Windows,  and  a  dearth  of 
applications  eventually  made  it  a  non-entity  in  the 
corporate  world. 


Take  charge.  Win  the  battle  and  take  control,  right  from  your  comfy  chair.  It’s  easy  to  conquer  the  challenges  of 
managing  serial  devices  in  the  data  center  with  the  CCM  serial  console  manager  *  When  used  with  DSView®  3, 
AVWorks®,  or  industry-standard  SSH/Telnet  client  software,  you  can  remotely  control  servers,  network  gear,  telco  and 
power  devices  from  a  single  interface.  With  proactive  alerts  and  offline  buffering 

you  can  remotely  diagnose  failed  devices  and  reduce  downtime  without  setting  Avocent® 

foot  in  the  data  center.  Visit  us  at  www.avocent.com/serialcontrol.  The  Power  of  Being  There® 

*  Recliner  recommended,  but  not  included. 


Avocent,  the  Avocent  logo,  DSView,  AVWorks  and  The  Power  of  Being  There  are  registered  trademarks  of  Avocent  Corporation.  €>  2005  Avocent  Corporation. 
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Ebbers'  sentence  a  strong  deterrent 

Experts  in  corporate  ethics  see  less  risk  of  another  WorldCom  in  the  future. 


Former  WorldCom  CEO  Bernard  Ebbers  exits  Manhattan  federal  court  with 
his  wife  Kristie  following  his  sentencing  last  week. 


BY  DENISE  PAPPALARDO  AND  CARA  GARRETSON 

Last  week’s  sentencing  of  former  WorldCom  boss 
Bernard  Ebbers  to  25  years  in  prison  closes  the  legal 
book  on  the  network  industry’s  most  notorious  and 
damaging  case  of  accounting  fraud,  pending  the 
inevitable  appeals. 

Ebbers  was  convicted  in  March  on  nine  fraud-relat¬ 
ed  counts.Tens  of  thousands  of  employees  lost  their 
jobs,  and  thousands  lost  their  life  savings.  Although 
more  than  150  people  sent  letters  to  Judge  Barbara 
Jones  asking  for  leniency  the  more  striking  com¬ 
ments  came  from  those  who  directly  suffered  losses. 

Since  the  verdict  was  announced,  discussion  has 
focused  primarily  on  the  question  of  whether  justice 
was  served.  However,  the  question  of  greater  impor¬ 
tance  to  those  who  depend  on  this  industry  for  their 
livelihoods  and  to  run  their  businesses  may  well  be 
this:  Has  enough  been  done  to  prevent  the  next 
WorldCom? 

One  law  professor  says  recent  moves  by  prosecu¬ 
tors  to  go  after  corporate  criminals,  as  well  as  legisla¬ 
tion  such  as  Sarbanes-Oxley  designed  to  keep  public 
companies’ accounting  books  in  order,  are  deterrents 
to  white-collar  crime. 

“In  general,  the  overall  increase  of  prosecution  and 
legislation  of  white-collar  crime  is  definitely  having  an 
effect, ’’says  Ellen  S.  Podgor,  professor  of  law  at  Georgia  State 
University’s  College  of  Law 

However,  she  calls  Ebbers’  25-year  sentence  “ridiculously 
long  and  inappropriate. . . .  John  Walker  Lindh  got  20  years 


for  aiding  the  Taliban;  Bernie  Ebbers  got  25  years?” 

The  prosecution  had  recommended  Ebbers  receive  85 
years  behind  bars.  Of  the  25-year  sentence,  Jones  said,  “A 
sentence  of  anything  less  would  not  reflect  the  seriousness 
of  this  crime.” 


Until  a  few  years  ago,  it  was  generally  believed  that 
sentences  for  white-collar  crime  were  too  lenient, says 
Douglas  Berman,  professor  of  law  at  Ohio  State’s 
Mortiz  College  of  Law. “That  has  flipped;  of  late  we’re 
seeing  more  and  more  long  sentences  in  white-collar 
cases,  even  for  first  offenders.” 

The  idea  is  that  when  a  CFO  or  CEO  is  faced  with 
the  choice  of  cooking  the  books  or  facing  Wall  Street 
with  an  honest  showing  of  numbers,  he’ll  think  about 
the  sentences  former  executives  received. 

Cases  involving  Enron,  WorldCom  and  Tyco  have 
increased  awareness  of  corporate  governance  and 
business  ethics  among  companies,  says  David 
Balderson,  director  of  Corporate  Learning  Services,  a 
division  of  New  York  University’s  School  of  Continuing 
and  Professional  Studies.  Balderson’s  group  devel¬ 
oped  MCI’s  ethics  training  in  2003,  which  all  employ¬ 
ees  are  required  to  complete.  Since  then,  Balderson 
says  the  number  of  companies  that  seek  such  training 
has  grown  exponentially 

In  fact,  NYU  says  it  just  got  an  RFP  from  a  Fortune 
100  company  with  more  than  20,000  employees  to 
create  an  ethics-training  program. 

Ebbers  is  scheduled  to  report  to  federal  prison 
Oct.  12.  ■ 
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Start-up  takes  aim  at  low-cost  security  offerings 


Profile:  ConSentry  Networks 


Location: 

Milpitas,  Calif. 

Founded: 

August  2003 

Founders: 

Jeff  Prince  (founder  of  Foundry  Networks),  Tom  Barsi  (co-founder 
of  Vina  Technologies),  Mario  Nemirovsky  (founder  of  XtreamLogic) 

Funding: 

$31.1  million  from  Accel  Partners,  Sequoia  Capital,  Invesco  Private 
Capital 

Employees: 

60 

Product: 

Network  security  and  monitoring  appliances  (unnamed) 

Competitors: 

Cisco,  Juniper,  Microsoft  security  initiatives 

Fun  fact: 

Formerly  Tidal  Networks,  the  name  ConSentry  is  derived  from  the 
words  control  and  sentry  to  reflect  real-time  control  and  inspection 
of  traffic. 

BY  TIM  GREENE 

A  new  vendor  is  expected  to 
come  out  this  fall  with  an  appli¬ 
ance  it  says  will  provide  similar 
but  less-expensive  protection  to 
comprehensive  schemes  laid  out 
by  established  network  vendors. 

The  well-funded  start-up  Con- 
Sentry  Networks,  with  an  distin¬ 
guished  leadership  team,  has  built 
three  custom  chips  to  give  the 
device  the  processing  power  it 
needs  to  parse  packets  to  Layer  7, 
keep  track  of  sessions  and  enforce 
access  policies. 

For  example,  the  device  will  be 
able  to  deny  individuals  or 
groups  access  to  applications 
chosen  by  network  executives,  as 
well  as  shut  down  connections 
that  exhibit  the  behavior  of 
worms  and  viruses  in  accordance 
with  policies,  says  Tom  Barsi, 
ConSentry ’s  president  and  CEO. 

The  device  would  sit  between 
workgroup  switches  and  core 
routers,  monitoring  traffic  and 
enforcing  policies.  Protecting  a 


network  would  require  multiple 
ConSentry  devices,  Barsi  says.That 
is  less  expensive  than  upgrading 
switches  so  they  can  enforce  poli¬ 
cies  with  802.  lx  authentication 
and  installing  a  battery  of  soft¬ 
ware  on  each  client  machine  to 
protect  it  from  attacks,  he  says. 

The  appliance,  whose  name  and 


price  the  company  has  declined 
to  reveal,  secures  a  network  from 
within,  instead  of  assuring  that  the 
devices  accessing  the  network  are 
secure,  as  is  the  case  with  initia¬ 
tives  by  Cisco  (NAC),  Juniper 
(JEDI)  and  Microsoft  (NAP),  says 
Andreas  Antonopoulos,  founding 
partner  of  Nemertes  Research. 


“They  require  a  high  level  of  soft¬ 
ware  complexity  instituted  on  the 
clients,”  he  says. 

By  contrast,  ConSentry’s  device 
moves  the  protection  off  the 
clients  toward  switches.  “It  gives 
you  an  additional  hardware 
perimeter  within  the  enterprise 
LAN,”  he  says. The  main  benefit  is 
that  if  network-based  security  can 
respond  fast  enough,  it  can  stop 
the  rapid  propagation  of  new 
threats  on  the  network,  he  says. 

The  downside  is  that  businesses 
with  a  lot  of  mobile  workers  will 
need  to  install  protective  software 
on  laptops  to  protect  them  when 
they  are  not  attached  to  the  cor¬ 
porate  LAN,  he  says.  Network- 
based  security  is  a  good  and  prob¬ 
ably  less-expensive  choice  for 
businesses  primarily  using  fixed 
desktops  such  as  call  centers. 

“My  gut  reaction  is  that  it  is 
cheaper  to  do  LAN-based  security 
than  to  update  the  software  on 
every  endpoint,”  Antonopoulos 
says.  But  many  businesses  will 


need  both  network-based  and 
client-based  security  because  of 
their  high  number  of  mobile 
workers,  he  says. 

The  ConSentry  device  seems  a 
good  choice  to  protect  VoIP 
phones,  which  are  vulnerable  to 
many  PC-type  attacks  but  general¬ 
ly  lack  security  software,  he  says. 

The  appliance  will  enforce  poli¬ 
cies  set  within  other  platforms, 
such  as  Active  Directory  or 
RADIUS,  so  policies  can  be 
applied  to  individuals  or  groups 
depending  on  what  customers 
define. 

The  company’s  three  founders 
—  Barsi,  chairman  and  CTO  Jeff 
Prince,  and  chief  scientist  Mario 
Nemirovsky  —  all  have  created 
successful  start-ups  before  (see 
graphic).  They  have  attracted 
$31.1  million  in  venture  capital. 
The  long-term  goal  of  the  com¬ 
pany  is  to  sell  its  technology  as 
blades  that  network  companies 
can  install  in  their  switches,  Barsi 
says.B 
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Demo  shows  ID  specs  can  coexist 


8Y  JOHN  FONTANA 

SAN  DIEGO  —  Despite  techni¬ 
cal  differences  among  protocols 
for  sharing  identities  across  cor¬ 
porate  boundaries, users  will  have 
at  least  three  network  configura¬ 
tions  that  will  let  the  disparate 
protocols  speak  to  one  another. 

Fourteen  vendors  —  including 
IBM,  Microsoft,  Novell,  Oracle,  RSA 
and  Sun  —  gathered  last  week  at 


the  annual  Burton  Group  Catalyst 
Conference  to  answer  the 
research  firm’s  challenge  to  prove 
multi-protocol  interoperability 
among  their  identity  federation 
products. 

The  demonstration  helped  dis¬ 
pel  user  fears,  experts  say  that 
protocols  for  federating,  or  shar¬ 
ing,  user  identity  and  authentica¬ 
tion  information  were  on  a  diver¬ 


gent  path  that  would  cause 
major  deployment  headaches. 
Federation’s  promise  is  that  part¬ 
ners  can  integrate  their  authenti¬ 
cation  systems  and  provide  users 
with  a  single  sign-on  that  stretch¬ 
es  across  corporate  boundaries. 

“Users  should  have  a  bit  more 
confidence  that  they  can  still 
move  forward  and  gain  benefits,” 
says  Gerry  Gebel,  an  analyst  with 


Burton  Group  who  set  up  the  test. 
“Any  boost  from  the  platform  ven¬ 
dors  is  a  boost  for  the  legitimacy 
of  federation.” 

While  federation  is  just  ramping 
up,  Gebel  says  users  building  iden¬ 
tity  management  systems  must 
take  it  into  account  now  or  face 
costly  retrofitting  later. 

The  vendors  in  the  test  used 
their  federation  servers  in  a  com- 


Start-ups  reinforce  storage  intelligence 


Making  files  intelligent 

A  sampling  of  start-ups  involved  in  extracting  information  from  file  and  other  data. 


Company/Product 

Founded 

Form  factor 

Hie  protocols 
supported 

Product  availability/Price 

Abrevity  SearchBase  Storage  Analyzer 

2003 

Software 

CIFS 

Now/S5,000 

Arkivio  Autostor 

2000 

Appliance-based  software 

CIFS,  NFS 

$4,000  per  terabyte 

Kazeon  Information  Server 

2003 

Appliance-based  software 

CIFS,  NFS 

In  beta  now/NA 

Njini  Information  Asset  Management 

2003 

Appliance-based  software 

CIFS,  NFS 

Now/Pricing  based  on 
amount  of  data  managed 

Scentric  Destiny 

2004 

Software 

All  data 

2006/NA 

StoredlQ  HIPAA  Solutions  Pack 

2001 

Appliance-based  software 

CIFS,  NFS 

Now/S135,000 

BY  DENI  CONNOR 

The  acronyms  were  coined  before 
many  customers  started  plunking 
down  their  dollars. 

Whether  it’s  called  Information 
Asset  Management  (IAM)  or 
Information,  Classification  and 
Management  (1CM)  or  Intelligent 
Data  Management  (IDM),  some 
start-ups  are  banking  on  making 
sense  of  the  burgeoning  data  on 
networks,  classifying  it,  and  storing  it 
on  the  appropriate  media  based  on 
policies  set  by  an  IT  administrator. 

Among  the  early  entrants  are 
Scentric,  Arkivio,  Kazeon,  Njini, 

StoredlQ  and  Abrevity 

The  Taneja  Group  lumps  the  software  and 
appliances  from  these  start-ups  into  what  it 
calls  Information,  Classification  and 
Management. 

“ICM  is  a  class  of  application-independent 
software  that  utilizes  advanced  indexing, 
classification,  policy  and  data  access  capa¬ 
bilities  to  automate  data  management  activi¬ 
ties,”  says  Brad  O’Neill,  senior  analyst  for  The 
Taneja  Group.  “IT  managers  want  to  get  into 
the  data  infrastructure  and  begin  to  make 
business  decisions  on  how  information  is 
grouped,  accessed,  moved,  stored  and  dis¬ 
posed  of.” 

StoredlQ  was  the  first  company  to  come  out 
of  stealth  mode,  in  February  2003,  with  a  prod¬ 
uct  that  resembled  a  storage  resource  man¬ 
agement  (SRM)  package  for  network-attached 
storage  devices.  The  company’s  appliance- 
based  software  gathered  file-based  data  and 
analyzed  it  to  improve  use. 

DeepFile,  as  the  company  was  then  known, 
realized  that  identifying,  isolating  and  separat¬ 
ing  redundant  data  for  improved  utilization 
was  not  a  successful  business  model.  It  reor¬ 
ganized  a  year  later  into  a  company  that 
makes  appliances  that  discover,  monitor  and 
manage  file-based  unstructured  data  for  com¬ 
pliance  and  security  reasons.  StoredlQ  counts 
Blue  Cross  Blue  Shield  of  Arizona  as  one  of  its 
customers. 

The  company  released  its  first  software  pack¬ 


age,  called  the  HIPAA  Solutions  Pack,  in 
January.  The  software  helps  customers  con¬ 
form  to  the  Health  Insurance  Portability  and 
Accountability  Act.  Installed  on  the  StoredlQ 
appliance,  the  HIPAA  Solutions  Pack  uses  a 
lexicon  to  find  files  that  match  specific  regula¬ 
tory  requirements,  and  then  encrypts  them 
and  moves  them  to  the  appropriate  archival 
storage. 

The  Austin,  Texas,  company  plans  other  lexi¬ 
cons  for  regulations  such  as  the  Sarbanes- 
Oxley  Act  and  the  Securities  and  Exchange 
Commission  Rules  17a-3  and  4. 

Other  start-ups  have  also  capitalized  on  this 
nascent  market  of  classifying,  analyzing  and 
acting  on  file-based  data.  Arkivio,  Kazeon, 
Njini  and  Abrevity  use  appliances  based  on 
industry-standard  servers  to  discover,  collect 
utilization  and  usage  statistics,  and  classify 
data  into  logical  groups  for  data  retention 
purposes.  Based  on  rules  an  IT  administrator 
sets,  data  can  then  be  migrated  and  moved 
to  different  tiers  of  storage  for  compliance 
purposes,  and  users  can  retrieve  and  restore 
those  files. 

Established  companies  such  as  EMC  and 
Network  Appliance  have  storage  arrays  and 
software  that  address  file-oriented  data.  EMC’s 
Centera  and  Network  Appliance’s  NearStore 
work  with  data  on  both  Microsoft  Common 
Internet  File  System  (CIFS)  and  Unix/Linux 
Network  File  System  (NFS).  Software  layered 


on  these  boxes,  such  as  Network  Appliance’s 
Virtual  File  Manager,  addresses  a  variety  of 
capabilities,  including  the  categorization  and 
migration  of  storage. 

Scentric,  which  recently  scored  $5.6  million 
in  venture  funding,  is  taking  a  different 
approach.  Outside  Atlanta,  the  company  is 
looking  at  all  forms  of  data,  not  just  CIFS  and 
NFS. 

“Unstructured  data  is  a  big  problem  in  the 
enterprise,  since  it  represents  the  majority  of 
data,”  says  Sanjay  Sehgal,  CEO  of  the  50-person 
company ‘At  the  same  time  when  you  look  at 
data  from  a  business  perspective  —  whether 
it’s  structured  or  unstructured  data,  it  doesn’t 
matter  —  it’s  just  data,  after  all,  any  data  that 
has  my  name  on  it.” 

O’Neill  says  that  Scentric’s  approach  makes  a 
lot  of  sense. 

“Users  think  about  their  information  as  it 
relates  to  the  business  process  and  applica¬ 
tion,”  O’Neill  says.  “They  don’t  think  of  their 
data  by  type  whether  it’s  structured  content 
or  unstructured  content.  They  just  want  to 
protect  it,  move  it  and  migrate  it  according  to 
its  value.” 

The  company’s  software,  code-named 
Destiny  is  expected  to  ship  sometime  next 
year,  says  Sehgal,  who  adds  that  whatever  you 
call  it  —  1AM,  ICM  or  IDM  —  it  is  different  from 
traditional  SRM  software  the  companies  have 
used  in  the  past  to  manage  their  data.  ■ 


bination  of  three  gateway  archi¬ 
tectures  to  swap  user  credentials 
formatted  using  the  Security 
Assertion  Markup  Language 
(SAML)  standard,  the  Liberty 
Alliance  specifications,  the 
Shibboleth  protocols  developed 
for  Internet2  or  the  WS-Federation 
protocol  developed  by  IBM  and 
Microsoft. 

Vendors  have  been  promising 
for  years  that  the  protocols  will 
ultimately  converge,  but  that  has 
not  happened.  Even  versions  of 
the  SAML  specification  —  1.0, 1.1 
and  2.0  —  do  not  interoperate. 

Without  middleware  to  integrate 
the  protocols,  users  are  left  to  pick 
one  and  push  that  decision  out  to 
their  partners. 

“You  don’t  like  to  play  that 
card,”  said  an  IT  architect  with  a 
major  insurance  provider.  “We  are 
large  enough  that  if  we  adopt 
standard  X,  then  we  force  every¬ 
one  to  follow!’ 

But  the  IT  architect  said  he 
would  rather  run  everything 
through  a  third-party  hub  and  let 
it  map  or  translate  dissimilar  pro¬ 
tocols,  so  he  can  avoid  not  only 
forcing  technology  on  his  part¬ 
ners,  but  also  the  inevitable 
headaches  of  integrating  dis¬ 
parate  technologies."!  want  some¬ 
one  else  to  figure  all  that  out,”  he 
said. 

What  the  interoperability  test 
showed  is  that  there  are  three  sce¬ 
narios  for  integration:  a  multi-pro¬ 
tocol  hub;  a  multi-protocol  trans¬ 
lator;  or  a  protocol  integration 
technology  called  a  Security 
Token  Server  (STS)  based  on  the 
WS-Trust  specification  written  by 
IBM  and  Microsoft. 

The  two  industry  heavyweights 
announced  last  week  that  WS- 
Trust  would  be  turned  over  to  a 
standards  body  in  September, 
ensuring  that  it  will  eventually  be 
a  royalty-free  standard  available  to 
all  vendors.  But  WS-Federation, 
which  was  also  developed  by  the 
two  partners  and  is  seen  as  a 
direct  competitor  to  SAML,  is  still 
not  in  a  standards  body 

In  the  hub  model,  the  hub  sits 
on  one  side  of  the  exchange  and 
can  speak  any  protocol.The  trans¬ 
lator  sits  between  partners  and 
converts  protocols  to  match  the 
technology  used  by  the  sending 
and  receiving  parties  in  a  transac- 
tion.The  STS  is  a  lightweight  gate- 
See  Interoperable,  page  12 
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Enterprise  Business  Scenario 
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A  recent  study  of  licensing  and  support  costs  conducted  by  BearingPoint, 
a  leading  independent  consulting  firm,  found  that  these  acquisition  costs 
for  Windows  Server™2003  are  comparable  to  Red  Hat  Enterprise  Linux  or 
Novell's  SUSE  Linux  Enterprise  Server  "despite  the  common  perception  that 
Linux  is  free  or  very  inexpensive."  However,  if  you  require  full  24x7  phone 
support  on  all  servers,  licensing  and  support  for  Windows  Server  2003  can 
cost  up  to  73%  less  than  Red  Hat  Enterprise  Linux*  over  five  years. 

For  the  full  study,  visit  microsoft.com/getthefacts 


|  Windows  Server  2003  Full  Support  (24x7):  10%  of  servers  are  Enterprise  Edition,  90%  Standard  Edition 

Red  Hat  Full  Support  (24x7):  100%  of  servers  are  AS  Premium 

BB  Red  Hat  Limited  Support:  10%  of  servers  are  AS  Premium  (24x7),  90%  ES  Standard  (12x5) 

^  Novell's  SUSE  Linux  (24x7):  10%  of  servers  are  Enterprise  Server,  90%  Standard  Server 
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*Red  Hat  Full  Support  (24x7)  estimates  based  on  case  where  100%  of  servers  are  Enterprise  Linux  AS  Premium.  Red  Hat  Limited  Support  estimates  are  based  on  case  where  10%  of  servers 
are  Enterprise  Linux  AS  Premium  (24x7  phone  support)  and  90%  are  Enterprise  Linux  ES  Standard  subscriptions  (9  a.m.-9  p.m.  EST  M-F  phone  support).  Windows  Server  estimates 
are  based  on  case  where  10%  of  servers  are  Windows  Server  2003  Enterprise  Edition  and  90%  are  Windows  Server  2003  Standard  Edition  (24x7  phone  support  on  all).  This  study  was 
commissioned  by  Microsoft.  ©  2005  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Windows,  the  Windows  logo,  Windows  Server,  and  Windows  Server  System  are  either  registered  trademarks 
or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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survey  compared  with  $59  billion 
in  2000  —  but  venture  capitalists 
are  taking  notice  of  start-ups 
promising  to  better  manage,  opti¬ 
mize  and  secure  corporate  net¬ 
works.  Specifically,  companies  tak¬ 
ing  on  application  and  security 
management  or  addressing 
emerging  technologies  such  as 
Web  services  or  VoIP  will  win  ven¬ 
ture  capital  dollars. 

“IT  organizations  are  putting  in 
place  new  application  computing 
architectures,”  says  Peter  Solvik, 
managing  director  at  investment 
firm  Sigma  Partners.“In  turn,  they 
have  got  to  have  tools  that  enable 
them  to  reduce  the  cost  and  com¬ 
plexity  of  managing  these  multi¬ 
layered  networks.” 

Solvik’s  firm  has  invested  in  up¬ 
starts  such  as  Digital  Fuel,  a  maker 
of  outsourced  services  gover¬ 
nance  software  that  garnered  $20 
million  in  funding  earlier  this  year. 
He  says  the  uptake  in  funding  is 
directly  tied  to  customer  demand 
for  products  that  will  help  man¬ 
age  disruptive  technologies.  Other 
companies,  such  as  Covergence 
and  Qovia,  which  in  2004  brought 
in  more  than  $16  million  in  ven¬ 
ture  funding,  promise  to  help  IT 
departments  manage  IP-based 
applications  on  data  networks. 


Money  on  management 


Start-ups  continue  to  proliferate  to  fill  technology  gaps  in  the  network  and  systems  management 
arena. 


Company 

Covergence 

Groundwork 

UM  Software 

Vericept 

Webify 

Funding 

$6  million  in 

January  2005;  $10 
million  in  Juno  2005 

$3  million  in  May 
2004;  $8.5  million 
in  March  2005 

$15  million  in  May 
2005 

$12.5  million 
in  February  2005 

$11.5  million  in  June 
2005 

Product/ 

technology 

Services  and  appli¬ 
cations  manage¬ 
ment  software  for 
real-time  IP 
communications. 

Groundwork 

Monitor,  an  infra¬ 
structure  monitor¬ 
ing  application  built 
on  open  source 
software. 

ITM  Business  Suite, 

IT  governance 
software. 

Compliance  and 
content  control 
technology  to  help 
organizations  reduce 
risks  and  manage 
corporate 
governance. 

Service-oriented 
business  process 
management 
software  for 
healthcare  and 
insurance  industries. 

as 


“Specialized  areas  such 
voice,  Web  services,  IT  gover¬ 
nance,  security  management  and 
application  mapping  are  chal¬ 
lenging  enterprises  now,  and  the 
incumbent  vendors  can’t  inno¬ 
vate  fast  enough  for  leading-edge 
companies,”  Solvik  says. 

James  Kritcher.vice  president  of 
IT  at  White  Electronic  Designs  in 
Phoenix,  says  he  has  been  chal¬ 
lenged  to  find  tools  to  properly 
manage  the  performance  of  his 
Cisco  and  Inter-Tel  voice  pilot. 
“Traditionally  voice  and  data  have 
been  handled  by  different  groups 
and  few  have  the  combined  ex¬ 
pertise  required  to  manage  a  fully 
converged  network,”  Kritcher  says. 


Interoperable 

continued  from  page  10 

way  that  sits  within  the  network  of  both  partners  and  negotiates  proto¬ 
col  exchange  and  translates  between  formats. 

“There  are  a  lot  of  positive  benefits  to  getting  a  lot  of  smart  people 
together  to  bang  on  each  other’s  code,”  said  Scott  Cantor,  author  of 
OpenSAML  and  the  security  architect  at  Ohio  State  University  which  is 
a  member  of  the  Internet2  project.“I  think  you  will  see  everything  talk¬ 
ing  every  protocol  for  the  foreseeable  future.” 

With  that  model,  users  hope  they  will  be  able  to  reduce  the  effort  it 
takes  to  build  federation  onto  their  current  identity  management 
deployments. 

“We  are  looking  at  federation  both  internally  across  business  units 
and  externally  with  partners,  and  1  want  to  be  able  to  drop  in  a  federa¬ 
tion  server  and  have  it  work,” says  an  IT  strategist  for  a  Fortune  500  man¬ 
ufacturer.  “We  want  to  have  that  loose  coupling  because  it  gives  you  so 
much  more  flexibility?’ 

But  while  protocol  integration  seems  achievable,  users  face  other 
problems  as  they  move  toward  the  sharing  of  identities  across  corpo¬ 
rate  boundaries,  including  trust,  privacy  and  liability  issues. 

Despite  those  limitations,  vendors  say  they  have  learned  something 
about  delivering  federation  products  to  corporate  users. 

“We  have  all  matured  to  realize  that  we  won’t  own  a  customer,  that 
they  won’t  use  products  from  just  a  single  vendor,  so  we  have  to  inter¬ 
operate,”  says  Don  Schmidt,  senior  program  manager  for  Active 
Directory  Federation  Services  at  Microsoft. 

The  other  participants  in  the  interoperability  test  were  BMC  Software, 
Computer  Associates,  DataPower,  HP  Internet2,  Ping  Identity  Symlabs 
and  Trustgenix.  ■ 


He  adds  that  vendors  will  have  to 
develop  products  that  can  diag¬ 
nose  performance  issues  on  both 
data  and  VoIP  traffic. 

The  cost  of  managing  complex 
networks  will  continue  to  grow  as 
companies  embrace  new  tech¬ 
nologies  and  protect  themselves 
from  emerging  threats. 

While  established  providers 
attempt  to  address  emerging  mar¬ 
kets  by  developing  new  tools  or 
pumping  up  their  product  suites 
through  acquisitions,  the  cards 
might  be  stacked  against  them. 
Industry  watchers  point  out  that 
in  some  cases  the  foundation  on 
which  traditional  network  and 
systems  management  tools  are 
built  might  need  revamping. 

“As  you  get  more  distributed 
applications  based  on  distributed 
services,  the  traditional  main¬ 
frame  or  client/server-based  man¬ 
agement  tools  [such  as  those 


from  BMC  Software,  Computer 
Associates,  HP  and  IBM]  won’t  be 
able  to  evolve  as  quickly  as  the 
computing  environment,”  says 
Rich  Ptak,a  principal  analyst  with 
Ptak,  Noel  &  Associates. 

Sigma  Partners’  Solvik  says  ven¬ 
ture-funded  companies  such  as 
Kace,  which  developed  an  appli¬ 
ance  to  manage  and  secure  soft¬ 
ware  on  network  and  desktop 
devices  for  small  and  midsize 
businesses,  might  be  able  to  more 
quickly  address  the  SMB  market 
than  an  incumbent  that  typically 
works  with  large  companies. 

“It’s  difficult  for  large  vendors 
with  installed  bases  to  innovate 
quickly  or  dramatically  change 
their  products,  because  they  are 
supporting  their  current  cus¬ 
tomers  by  slowly  improving  their 
existing  platforms,”  Solvik  says. 

Security  management  is  ex¬ 
pected  to  earn  more  investment 


dollars,  as  well.  Companies  such 
as  security  information  manage¬ 
ment  vendor  Network  Intelli¬ 
gence,  which  raised  $12  million  in 
funding  this  past  February  partial¬ 
ly  from  Bain  Capital  Ventures,  will 
continue  to  win  venture  funding 
as  their  technologies  could  pro¬ 
vide  the  scalability  and  hetero¬ 
geneity  needed  to  manage  thou¬ 
sands  of  devices  containing  perti¬ 
nent  security  information. 

“Management  is  a  very  impor¬ 
tant  market  right  now,  in  terms  of 
networking  and  security  says 
Benjamin  Nye,  a  venture  partner 
with  Bain.“The  network  is  the  No. 
1  source  of  productivity  for  busi¬ 
nesses  today’ 

While  the  Ciscos  and  Check- 
Points  of  the  world  manage  their 
own  gear  quite  well,  networks  are 
growing  more  heterogeneous  as 
time  goes  on,  he  says.  Also,  with 
regulatory  compliance  demands 
creeping  up  on  most  companies, 
sources  for  security  information 
have  expanded  from  just  security 
devices  such  as  firewalls  and 
intrusion-detection  systems  to  in¬ 
clude  Windows  logs, SAP  financial 
data  and  Exchange  servers,  for 
example. 

“The  number  of  people  con¬ 
nected  to  the  Web  and  the  num¬ 
ber  of  applications  on  the  Web  are 
adding  immense  complexity  to  IT 
operations,”  Nye  says. 

“IT  managers  need  the  re¬ 
sources  to  manage  the  complexi¬ 
ty  of  their  workforce,  to  help  them 
support  the  delivery  of  applica¬ 
tions  and  to  secure  the  environ¬ 
ment,”  Nye  adds.  ■ 


Test  shows  VoIP  lagging  in  quality 


BY  STEPHEN  LAWSON,  IDG  NEWS  SERVICE 

VoIP  phone  systems  still  significantly  lag  behind 
the  traditional  phone  network  for  reliability  and 
quality  and  there  are  major  differences  in  quality 
among  brands  of  VoIP  service,  according  to  a  com¬ 
pany  that  evaluated  six  providers  in  the  U.S. 

Keynote  Systems  tested  the  services  for  reliability 
and  quality  by  making  domestic  long-distance  and 
local  calls  from  VoIP  services  to  the  public  switched 
telephone  network  (PSTN)  in  May  and  June  this 
year.  Call  quality  was  evaluated  by  software  and 
used  an  industry  standard  for  listening  quality 
according  to  Dharmesh  Thakker,  senior  product 
manager  at  Keynote.  The  study  involved  more  than 
150,000  automated  VoIP-to-PSTN  calls. 

Keynote  evaluated  these  kinds  of  calls  because 
they  are  the  most  common  type  made  by  VoIP  users, 
he  said.The  survey  evaluated  VoIP  services  accessed 
via  DSL  and  cable  modem. 

Vonage’s  service  came  in  first  place  for  reliability,  a 
measure  that  included  how  often  the  service  was 


available,  the  length  of  any  outages,  the  average  num¬ 
ber  of  call  attempts  before  a  call  went  through,  and 
the  number  of  dropped  calls,  Keynote  said.Vonage 
scored  80  points  out  of  a  possible  100.  There  was  a 
noticeable  gap  in  reliability  between  Vonage  and  the 
other  providers,  which  included  AT&T’s  AT&T 
CallVantage,  8x8’s  Packet8  Broadband  Phone 
Service,  Primus  Telecommunications’  Lingo,  Skype 
Technologies  SAs  SkypeOut  and  Verizon’s  Verizon 
Voice  Wing,  Keynote  says. 

AT&T  CallVantage  ranked  first  for  audio  clarity 
which  included  audio  delay,  listening  quality  and  the 
consistency  of  both  of  those  factors  over  call  time 
and  distance.  It  earned  78  points  out  of  a  possible 
100,  and  CallVantage’s  quality  score  was  noticeably 
better  than  those  of  other  providers. 

The  listening  quality  rating  was  based  on  the 
ITU-T  R862  standard  of  the  International 
Telecommunication  Union  and  was  determined 
using  software  instead  of  subjective  human 
evaluation.  ■ 


Spam,  spyware,  and  virus  protection  at  an  affordable  price 
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Oracle 

modifies 

software 

licensing 

BY  TOM  KRAZIT,  IDG  NEWS 
SERVICE 

Oracle  will  edge  closer  to  a 
licensing  model  for  multicore 
processors  that  has  been  adopt¬ 
ed  by  other  software  vendors,  but 
doesn’t  plan  to  go  all  the  way 
according  to  information  posted 
on  the  company’s  Web  site. 

The  company  said  its  software 
licenses  will  consider  each  indi¬ 
vidual  processor  core  on  multi¬ 
core  chips  to  be  .75  of  a  proces¬ 
sor,  a  change  from  its  earlier  pro¬ 
nouncement  that  it  would  re¬ 
quire  customers  to  purchase  an 
individual  license  for  each  core. 

In  the  past,  software  companies 
generally  licensed  their  products 
based  on  the  number  of  proces¬ 
sors  used  to  run  the  software.This 
practice  has  fallen  under  scruti¬ 
ny  with  the  dawn  of  the  dual-core 
era  for  low-end  server  proces¬ 
sors.  Advanced  Micro  Devices 
(AMD)  released  a  version  of  its 
Opteron  chip  with  two  process¬ 
ing  cores  on  one  chip,  while  Intel 
plans  to  release  a  similar  chip  in 
the  first  quarter  of  next  year. 

Microsoft  and  IBM  have 
announced  that  they  will  charge 
users  per  individual  chip,  not  per 
processor  core,  for  software  that 
runs  on  current  and  future  dual¬ 
core  x86  processors  from  Intel 
and  AMD.  A  copy  of  Windows 
Server  that  would  be  used  on  a 
server  with  two  dual-core  proces¬ 
sors  will  cost  the  equivalent  of 
two  licenses,  not  four.  Oracle  had 
planned  to  charge  customers  for 
four  licenses  in  that  situation. 

Now  Oracle  is  modifying  its 
licensing  policy 

“For  the  purpose  of  counting 
the  number  of  processors  which 
require  licensing,  a  multicore 
chip  with  ‘n’  cores  shall  be  deter¬ 
mined  by  multiplying  ‘n’  cores  by 
a  factor  of  .75.  All  fractions  of  a 
number  are  to  be  rounded  up  to 
the  next  whole  number.  For 
example,  a  multicore  chip  with 
1 1  cores  would  require  a  nine- 
processor  license  [  1 1  multiplied 
by  a  factor  of  .75  equals  8.25 
which  is  then  rounded  up  to  the 
next  whole  number  which  is 
nine],’'  one  section  of  the  licens¬ 
ing  agreement  read.B 


Cisco 

continued  from  page  1 

DKIM  would  be  a  failure  from  an 
IETF  perspective,  but  that  it’s  not 
at  all  clear  the  technology  is  valu¬ 
able  or  worth  doing,”  Hoffman 
says. 

Part  of  the  problem  is  that  there’s 
uncertainty  whether  any  form  of 
e-mail  authentication  will  stem 
the  tide  of  spam.  Supporters  say 
sender  authentication  will  help 
fight  phishing  because  senders 
will  no  longer  be  able  to  make 
their  e-mails  look  like  they’ve 
been  sent  by  a  valid  company 
However,  these  proposals  won’t 
directly  curtail  spam  because 
plenty  of  spammers  don’t  hide 
their  identity 

“No  one  should  think  these 
technologies,  even  if  implement¬ 
ed  perfectly  by  everyone  on 
earth,  will  solve  the  spam  prob¬ 
lem,”  says  Matthew  Prince,  CEO  of 
anti-spam  consulting  firm  Un¬ 
spam.  “But  if  the  worst  spammers 
on  earth  are  the  ones  who  pre¬ 
tend  to  be  from  a  legitimate  on¬ 
line  business  and  instead  are 
stealing  account  information  . . . 
then  these  technologies  are  good 
at  addressing  the  first  line  of  the 
problem.” 

Because  it  involves  encryption, 
DKIM  is  a  more  robust  approach 
than  Sender  ID,  but  also  more  dif¬ 
ficult  to  implement,  Prince  adds. 
Sender  ID  has  suffered  from  dif¬ 
ferences  in  the  way  the  protocols 
it  includes  are  implemented,  caus¬ 
ing  compatibility  problems  that 
led  some  companies  to  rip  it  out 
and  search  for  new  solutions, 
Prince  says.  DKIM  will  likely  capi¬ 
talize  on  this  opportunity. 

Cisco  insists  that  DKIM  and  anti¬ 
spam  efforts  are  not  geared 
toward  making  money  for  now. 

“Our  efforts  have  not  been 
about  creating  a  product,”  Cisco’s 
Pol  says.  “It  has  been  about  pro¬ 
viding  some  thought  leadership 
in  the  industry  and  to  protect  the 
Internet  from  more  abuse.  Is  there 
a  way  to  tie  [Cisco’s  anti-spam 
efforts]  back  to  product?  It’s  a  lit¬ 
tle  bit  far  out  and  it’s  too  early  at 
this  stage  to  talk  about  any  prod¬ 
uct  plans.” 

Regarding  the  DKIM  technology 
which  will  be  available  this 
month  as  an  open  source  mail 


The  spam 
perspective 

Opportunities  and 
challenges  for  Cisco  in 
combating  spam: 

•  The  Radicati  Group  estimates  that 
62%  of  the  86  billion  messages 
sent  per  day  are  spam.  This  costs 
large  businesses  around  $134  per 
year,  per  employee  in  lost  product¬ 
ivity  and  spam  prevention. 

•  IDC  estimates  that  the  market  for 
anti-spam  services,  software  and 
hardware  will  top  $1  billion  world¬ 
wide  next  year. 

•  With  an  estimated  80%  installed 
base,  Cisco  routers  move  a 
majority  of  e-mail  traffic  across 
corporate  and  service  provider 
networks. 


server  plug-in, “there  is  no  intellec¬ 
tual  property  for  us  to  hold  onto,” 
Fbl  says. 

Past  comments  from  top  Cisco 
technology  executives  indicate 
that  spam  is  a  hot  issue  for  Cisco’s 
customer  base  and  that  stopping 
such  nuisance  traffic  at  the  router 
and  switch  level  is  a  problem 
Cisco  engineers  are  examining 
closely. 

In  a  November  2004  interview, 
then-Cisco  CTO  Charles  Giancarlo 
said  network  hardware  will  take 
on  more  gateway-like  functions  as 
it  evolves. 

‘Anti-virus,  anti-spam,  anti-worm, 


anti-whatever  will  be  fundamen¬ 
tal  components  of  the  functions 
of  the  network,”  said  Giancarlo, 
who  earlier  this  month  was  pro¬ 
moted  to  head  of  development  at 
Cisco.  “This  means  routers  and 
switches  and  whatever  elements 
we  have  in  that  network  infra¬ 
structure.” 

Another  recently  promoted  top 
technologist  at  Cisco  also  says 
spam  could  be  taken  on  by  net¬ 
work  hardware. 

“We  have  a  lot  of  application 
security  for  Fbrt  80  misuse,  but  we 
have  to  look  beyond  Fbrt  80,”  says 
Jayshree  Ullal,  senior  vice  presi¬ 
dent  of  Cisco’s  newly  formed  Data 
Center,  Switching  and  Security 
Technology  Group.  She  was  for¬ 
merly  in  charge  of  Cisco’s  Security 
Technology  Group. 

“That’s  something  we  are  look¬ 
ing  to  get  into  in  the  future.  The 
next  step  is  not  just  deep  packet 
inspection  but  also  deep  manipu¬ 
lation  of  HTTP  engines,  SMTP 
engines,  [instant  messaging]  en¬ 
gines  —  that  type  of  stuff. You  can 
leverage  more  of  this  technology 
for  inspecting  and  stopping  traffic 
such  as  spam,”  she  says. 

Observers  say  Cisco’s  quest  for 
adding  new  features  to  routers 
and  switches  could  lead  it  to  an 
anti-spam  focus  in  its  products. 

“Cisco’s  initiative  is  that  they’re 
moving  toward  looking  deeper 
into  the  packet,”  says  Frank 
Dzubeck,  president  of  Com¬ 
munications  Network  Architects. 

This  deep-packet  inspection 
and  routing  technology  falls  in 


line  with  Cisco’s  recent  Appli¬ 
cation  Oriented  Networking  effort 
for  routing  XML-based  messages 
and  its  advanced  intrusion  detec¬ 
tion  and  prevention  technologies 
around  its  Network  Admission 
Control  initiative  for  locking  out 
virus-infected  PCs. 

“If  they’re  looking  that  deep  into 
packets,  why  shouldn’t  they  be 
able  to  filter  out  unwanted  traf¬ 
fic?”  Dzubeck  says. 

“Eventually  you’ll  see  all  anti¬ 
malware  go  into  the  router]’  in¬ 
cluding  spam-prevention  techno! 
ogy  says  Zeus  Kerravala,  an  ana¬ 
lyst  with  The  Yankee  Group.“If  you 
can  put  it  in  the  router  and  get  it 
before  it  comes  in,  that  will  stop 
some  of  the  problem.  It  won’t 
solve  everything,  but  it’s  like  living 
in  a  gated  community:  You  have 
the  gate  around  houses,  but  still 
have  locks  on  front  doors.” 

Getting  network  companies  in¬ 
volved  in  anti-spam  could  be 
good  and  bad,  says  one  user. 

“It’s  not  an  easy  line  in  the 
sand,”  as  to  where  e-mail  security 
enforcement  should  reside,  says 
Jim  Wilson,  network  services 
manager  for  the  city  of  Hender¬ 
son,  Nev.,  which  runs  an  all-Cisco 
network.  “Normally  I’d  say  leave 
[anti-spam  development]  tech¬ 
nology  to  the  application  com¬ 
panies  and  smaller  vendors  that 
can  do  that  well.”  But  as  network 
hardware  and  applications  be 
come  more  intertwined,  Cisco 
gear  could  play  a  larger  role  in 
spam  prevention  than  in  the 
past,  he  adds.  ■ 


Sun  grows  open  source  offerings 


BY  JOHN  FONTANA 

SAN  DIEGO  —  Sun  last  week  said  it  will  provide 
open  source  components  of  its  Web  authentication 
and  single  sign-on  technologies  as  part  of  a  project  it 
is  calling  OpenSSO. 

The  Open  Web  Single  Sign-On  project  includes  a 
subset  of  components  from  Sun’s  forthcoming  Java 
Access  Manager  7.0.  Sun  opened  a  Web  site  last 
week  for  OpenSSO  (opensso.devjava.net)  and  pub¬ 
lished  a  road  map  for  the  project.  Sun  will  make 
available  the  source  code  for  OpenSSO  in  the  hope 
that  customers  and  Java  developers  will  build  its 
authentication  capabilities  into  their  applications. 
The  company  also  will  release  a  binary  distribution 
and  design  documents,  establish  forums  and  make 
sample  code  available. 

The  source  code,  which  will  be  released  under  the 
Sun  Common  Development  and  Distribution 
license,  will  cover  basic  identity  services  such  as 
authentication  and  single-domain  single  sign-on, 
according  to  Sun  officials.  Sun  also  plans  to  release 


the  source  code  for  agents  to  connect  Web  site 
authentication  and  Web  SSO  technologies  with  Sun 
Java  System  Web  Server  and  Sun  Java  System 
Application  Server. 

The  company’s  goal  is  to  make  the  use  of  single 
sign-on  and  Web  access  management  a  given  for  cor¬ 
porate  adopters  and  get  them  to  focus  on  using  that 
technology  for  a  more  complex  project:  identity  fed¬ 
eration,  the  sharing  of  authentication  information 
across  corporate  boundaries. 

“One  of  the  things  we  are  looking  at  is  moving  the 
market  forward  and  changing  the  conversation  peo¬ 
ple  are  having  about  identity!’ says  Eric  Leach,  direc¬ 
tor  of  product  management  for  identity  manage¬ 
ment  at  Sun.“The  analogy  we  are  using  is  that  to  date 
we  have  really  been  arguing  about  the  length  and 
width  of  railroad  ties,  and  what  we  really  need  to  do 
is  start  laying  track  and  get  trains  running  on  sched- 
ule.TTie  overall  goal  of  the  project  is  to  help  users  set 
a  new  agenda  and  give  them  the  tools  to  make  iden¬ 
tity  a  part  of  everything  they  do."H 


The  world’s  most-deployed  server 
platform  now  supports  64-bit 
applications.  The  Intel®  Xeon"  processor 
now  works  harder  for  your  business 
than  ever.  With  innovative  platform  features  that 
enable  power-saving  options,  flexible  memory,  I/O  and 
storage  configurations.  And,  of  course,  continued 
support  for  all  your  existing  32-bit  applications. 

How  can  Intel  Xeon  processor-based  servers  serve  you? 

intel.com/go/xeon 

intel. 


©2005  Intel  Corporation.  Intel.  Intel  Inside,  the  Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks 
of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  rights  reserved. 


EMAIL  SECURITY 
POWER  BOOSTER. 


ADD  THE  IRONPORT  X1000T  TO  YOUR  CURRENT 
EMAIL  SECURITY  SYSTEM  AND  IMPROVE  THROUGHPUT  BY  400%. 


The  IronPort  X1000T/  the  world’s  most  innovative  complement  to  your  current 
email  infrastructure  —  delivering  a  400%  increase  in  legacy  system  throughput. 
The  IronPort  X1000T  reduces  the  email  flow  reaching  email  gateways  by  over 
70%  and  protects  existing  email  infrastructures  from  the  scalability  and  efficacy 
problems  posed  by  the  staggering  volume  of  evolving  email-borne  threats.  Non- 
IronPort  email  security  systems  face  several  challenges  as  they  grapple  with  the 
onslaught  of  spam  and  viruses:  maintaining  high  levels  of  accuracy  and  coping 
with  the  scalability  required  to  filter  mail.  The  IronPort  X1000T  uses  IronPort’s 
third  generation  Preventive  Security  applications  to  eliminate  over  70%  of  spam 
and  viruses  before  they  enter  your  network.  Add  the  IronPort  X1000T  to 
your  current  email  security  infrastructure — and  feel  the  power.  For  more 
information  visit  www.ironport.com/leader 


IRONPORT  EXCLUSIVE 


SECURITY  MODELING 


IronPort  is  the  only  company  with 
access  to  global  email  traffic  data 
through  SenderBase'1,  the  world's 
largest  email  traffic-monitoring 
network.  IronPort  applies  advanced 
security  modeling  algorithms  to 
this  data,  resulting  in  sophisticated 
threat  analysis  and  visualization. 


IRONPORT 


Rebuilding  the  World’s  Email  Infrastructure. 


Copyright  2005  IronPort  Systems.  Inc. 
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Industry  looks  to  tackle  spyware 


BY  CHINA  MARTENS,  IDG  NEWS  SERVICE 

The  Anti-Spyware  Coalition,  a  group  of  IT 
companies  and  public  interest  groups,  hopes 
to  succeed  where  a  previous  vendor  organiza¬ 
tion  failed  in  tackling  the  global  problem  of 
spyware. The  ASC  released  a  draft  definition  of 
spyware  last  week  that  it  hopes  will  promote 
public  comment  and  ultimately  result  in  users 
becoming  better  educated  about  the  dangers 
of  spyware. 

The  Consortium  of  Anti-Spyware  Technology 
Vendors  (COAST), initially  drawn  from  compa¬ 
nies  that  sell  security  software,  fell  apart  in 
February  after  a  failed  16-month  effort  to  coor¬ 
dinate  its  members’  conflicting  goals  and  an 
ongoing  debate  over  admitting  companies 
that  created  spyware.  The  ASC,  convened  by 
the  Center  for  Democracy  and  Technology  has 
a  much  wider  membership  than  COAST 

ASC  members  include  AOL,  Computer 
Associates,  HPMicrosoft  and  Yahoo,  along  with 
McAfee,  Symantec  and  Trend  Micro,  and  anti¬ 


spyware  specialist  vendors  Aluria  and 
Webroot.  Other  members  of  the  organization 
are  the  Canadian  Internet  Policy  and  Public 
Interest  Clinic,  the  Cyber  Security  Industry 
Alliance  and  the  University  of  California  at 
Berkeley’s  Samuelson  Law,  Technology  & 
Public  Policy  Clinic. 

Ari  Schwartz,  associate  director  of  the  Center 
for  Democracy  and  Technology  has  been 
heading  up  the  ASC’s  work. 

The  ASC  is  inviting  public  comment  for  the 
next  month  on  documents  it  released  last 
week.The  documents  include  a  list  of  spyware 
and  other  potentially  harmful  technologies 
aimed  at  users,  a  glossary  defining  commonly 
used  terms  relating  to  spyware,  and  safety  tips 
about  how  to  protect  against 
spyware.  There  is  also  a 
process  of  how  to  resolve 
disputes  if  a  vendor  believes 
its  software  has  been  wrong¬ 
ly  tagged  as  spyware. 


“In  its  narrow  sense,  spyware  is  a  term  for 
tracking  software  deployed  without  adequate 
notice,  consent  or  control  for  the  useif  the 
organization  states.  However,  spyware  is  also 
used  as  an  umbrella  term  encompassing  not 
only  its  narrow  definition,  but  also  other 
“potentially  unwanted  technologies,"  the  ASC 
adds,  including  harmful  adware,  unauthorized 
dialers,  root  kits  and  hacker  tools. 

In  its  safety  tips  document,  the  ASC  has  six 
major  recommendations  for  users  to  defend 
themselves  against  spyware:  Keep  the  secu¬ 
rity  on  their  computers  up-to-date;  down¬ 
load  programs  from  Web  sites  they  trust; 
familiarize  themselves  with  the  fine  print 
attached  to  any  downloadable  software; 

avoid  being  tricked  into 
clicking  dialog  boxes; 
beware  of  so-called  free 
programs;  and  use  anti¬ 
spyware,  anti-virus  and 
firewall  software.  ■ 


SECURITY 

Subscribe  to  our  free  newsletter. 
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Tightening  video  integration  with  Microsoft 


BY  JASON  MESERVE 

Videoconferencing  rivals  Fbly- 
com  and  Tandberg  are  enhancing 
their  products  to  let  users  launch 
video  calls  from  an  instant-mes¬ 
sage  chat  session  rather  than  from 
a  dedicated  videoconferencing 
interface. 

Both  companies  are  working 
with  Microsoft  real-time  commu¬ 
nications  and  IM  software,  Live 
Communications  Server  2005,  to 
combine  the  presence  data  with 
information  about  the  kind  of 
communication  devices,  such  as 
the  type  of  video  endpoints,  a 
given  user  may  have  at  his  dispos¬ 
al.  Presence  information  and  call 
initiation  capability  is  aggregated 
inside  Office  Communicator,  the 
latest  IM  application  from 
Microsoft. 

With  Polycom  gear,  a  video  call 
is  initiated  from  Office  Com¬ 
municator  but  handed  off  to  the 
users’  respective  video  endpoint, 
be  it  the  company’s  PVX  desktop 
video  application  or  a  more  tradi¬ 
tional  VSX  group  system,  to  con¬ 
duct  the  call.  Tandberg  takes  the 
integration  a  step  further  by  allow¬ 
ing  direct  communication  be¬ 
tween  its  traditional  endpoint 
products  and  Office  Communi¬ 
cator,  which  is  essentially  a  soft¬ 
ware-based  Session  Initiation 
Protocol  audio/video  endpoint. 

Tandberg  also  optimized  its 


To  help  lower  the  price  of  its  new 
VSX  5000  entry-level  group  video- 
conferencing  unit  Polycom  used  a 
digital  pan-tilt-zoom  camera 
instead  of  a  mechanical  device. 


multi-point  control  unit  (MCU) 
line  to  be  able  to  add  Office  Com¬ 
municator  users  into  a  multi-site 
video  meeting. 

‘All  of  the  major  [videoconfer¬ 
encing]  players  are  jumping  on" 
Live  Communications  Server,  says 
Andrew  Davis,  managing  partner 
at  Wainhouse  Research.  “They’re 
adopting  the  Microsoft  infrastruc¬ 
ture  story  and  developing  com¬ 
patibility  with  Microsoft  end¬ 
points,  since  [Office  Communi¬ 
cator]  will  be  everywhere  soon.” 

Polycom’s  Keith  LeFebvre,  vice 
president  of  product  marketing 
and  management,  echoes  Davis’ 
sentiment, saying  that  while  Office 


Communicator  could  be  consid¬ 
ered  competition  to  the  PVX 
application,  Microsoft’s  involve¬ 
ment  in  video  and  IM  will  only 
help  legitimize  the  field. 

“The  industry  is  stuck  in  an 
installed-base  situation;  they’re 
convinced  already  but  there’s  not 
a  lot  of  new  converts,”  LeFebvre 
says. “With  instant  messaging,  peo¬ 
ple  started  using  at  home,  and  it 
became  a  grass-roots  thing  that  IT 
had  to  support.We  want  the  same 
thing  to  happen  with  video.” 

In  addition  to  their  respective 
integration  efforts  with  Microsoft, 
Polycom  and  Tandberg  made  a 
number  of  other  announcements 
last  week  at  the  Wainhouse 
Summit  in  Boston. 

Polycom  is  simplifying  its  line  of 
videoconferencing  endpoint 
options  by  eliminating  the  older 
iBower  and  ViewStation  systems 
and  reshuffling  its  current  VSX 
series.The  ViewStation  and  iPower 
still  will  be  supported  for  the  fore¬ 
seeable  future,  LeFebvre  says. 

Fblycom  is  adding  a  VSX  5000 
entry-level  group  unit  priced  at 
about  $4,000;  created  two  new 
VSX  7000  units  —  a  standard  set¬ 
top  device  with  integrated  cam¬ 
era  (about  $7,000)  and  a  rack- 
appliance  for  custom  rooms 
(about  $9,000)  .The  company  also 
is  shipping  Version  8.0  of  its  PVX 
desktop  software  that  now  in¬ 


cludes  the  ability  to  share  both 
video  and  data  content  simulta¬ 
neously  in  a  call. 

Julie  Lytle,  telemedicine  coordi¬ 
nator  at  Beth  Israel  Deaconess 
Medical  Center  in  Boston,  likes 
the  PVX’s  user-friendly  interface 
and  $149  price. “Its  a  price  point 
where  you  can  justify  to  be  able  to 
deploy  more  widely  than  with  a 
$10,000  appliance  or,  in  the  past, 
$60,000  [PictureTel]  Concorde.” 

Tandberg  is  just  as  busy  releas¬ 
ing  the  new  MPS  200,  a  midsize 
MCU  capable  of  handling  up  to  32 
video  and  32  audio  connections 
at  a  time.  MPS  200  starts  at 
$47,000.  Both  the  Tandberg  Gate¬ 
keeper  and  Border  Controller 
products  are  being  beefed  up  as 
well  with  software  upgrades 
boosting  their  simultaneous  call 
capability  from  20  to  100.  The 
company  also  enhanced  the  call¬ 
routing  capability  in  its  Tandberg 
Management  Suite  software  to 
better  deal  with  network  compo¬ 
nents  that  may  .go  down  or  fail.  ■ 


Correction 


■  The  story  "Wireless  growth 
strategy"  (July  11,  page  17) 
should  have  stated  that  Proxim 
merged  in  2002  with  Western 
Multiplex. 


SWITCH  TO  POSTINI.  THE  SMART  MOVE 


PREEMPTIVE  EMAIL  PROTECTION 


POSTIN  PROVED  ITSELF 

UND  R  FIRE,  SO  SWITCHIN  WAS 


At  Business  Objects,  we  discovered  the  difference  Postini  could  make  when 
the  Sobig  virus  hit.  Email  servers  protected  by  Postini  were  unaffected.  Not 
so  with  the  freeware  product  we  had  been  using.  So  switching  to  Postini  was 
simply  a  smart  move.  Now  we’ve  locked  down  our  email  communications 
worldwide  with  Postini’s  secure  email  boundary  services.  We  consider 
Postini  a  trusted  partner  in  our  holistic  approach  to  email  security— saving 
both  time  and  money. 

AARON  BARAK,  ARCHITECT-GLOBAL  DIRECTORY  AND  MESSAGING  SERVICES 

BUSINESS  OBJECTS,  5  OSE,  CALIFORNIA 


FIND  OUT  WHY  COMPANIES  ARE  SWITCHING  TO  POSTINI.  DOWNLOAD  A  FREE  WHITE  PAPER  AT 
WWW.POSTINI.COM/NW2,  OR  CALL  US  TODAY  AT  888.584.3150 
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Short  Takes 


■  A  joint  venture  of  mobile  technolo¬ 
gy  companies,  mTLD  Top  Level 
Domain  Ltd.,  next  year  is  expected 
to  start  issuing  Internet  domain 
names  under  the  new  .mobi  top-level 
domain  name,  the  company  said  last 
week.  The  .mobi  domain  is  intended 
for  sites  that  are  designed  to  be 
used  on  cell  phones  and  other  mobile 
devices.  The  company  hopes  to  fos¬ 
ter  more  mobile  use  of  the  Internet. 
The  company,  which  was  formed  by 
Microsoft,  Nokia,  the  Global  System 
for  Mobile  Communications 
Association,  Vodafone  and  others, 
has  completed  a  contract  with  the 
Internet  Corporation  for  Assigned 
Names  and  Numbers  that  formalized 
the  creation  of  the  .mobi  domain. 
After  it  creates  a  registry  service, 
mTLD  expects  to  begin  issuing  .mobi 
domain  names  in  the  first  half  of 
next  year.  It  has  been  contracted  to 
provide  the  registry  service  for  .mobi 
for  the  next  10  years. 

■  Attackers  are  becoming  increas¬ 
ingly  aggressive  as  they  look  to  grow 
their  zombie  armies  of  infected  PCs, 
according  to  anti-virus  vendor 
McAfee.  Last  week,  the  company 
reported  that  the  number  of  systems 
infected  with  malicious  software 
that  allows  the  PC  to  be  used  for 
unauthorized  purposes  jumped  by 
303%  during  the  second  quarter  of 
2005  from  the  previous  quarter. 
Whereas  high-profile  attacks  such 
as  the  My  Doom  worm  in  2004  gener¬ 
ally  left  no  doubt  as  to  whether  a 
user's  system  was  infected,  attack¬ 
ers  are  now  using  more  subtle  tech¬ 
niques,  often  invisibly  seizing  control 
of  a  machine  with  tiny  programs 
called  bots  that  await  instructions 
from  their  creators.  These  bots  allow 
an  infected  machine,  sometimes 
called  a  zombie,  to  be  used  for  a 
variety  of  illegal  purposes,  such  as 
sending  spam  or  participating  in  a 
denial-of-service  attack  against  a 
Web  site,  McAfee  says.  McAfee 
researchers  recorded  nearly  13,000 
cases  of  attempted  bot  hijackings, 
up  from  about  3,000  during  the  first 
quarter  of  2005. 


Cisco  speaks  apps  language 


Cisco  for  years  has  talked  about 
moving  “up  the  stack  “  —  taking  on 
more  application-based  network 
roles  instead  of  just  moving  packets 
at  Layers  2  and  3.  The  recent  launch 
of  Cisco ’s  Application-Oriented 
Network  (AON)  business  unit  is  the 
latest  move  in  this  direction,  with 
the  introduction  of  hardware  and  software  that  can 
read  XML  message  traffic  and  route  whole  messages 
instead  of  just  packets.  But  instead  of  buying  its  way 
into  the  XML  market,  Cisco  has  hired  TafAnthias,  a  32- 
year  IBM  veteran  and  former  head  of  its  MQ  messaging 
group,  to  lead  the  internal  development  of  XML  and 
message-based  switching  technology  Anthias  serves  as 
vice  president  of  Cisco ’s  AON  business  unit,  and  he 
spoke  with  Network  World  Senior  Editor  Phil 
Hochmuth  about  the  vendor’s  latest  data  center  initia¬ 
tive.  This  is  an  edited  transcript  of  that  discussion. 

When  Cisco  moves  into  new  markets,  such  as  telephony  or  storage, 
this  sometimes  forces  customers  to  reorganize  IT  responsibilities, 
such  as  shifting  voice  management  from  a  company's  telecom 
group  to  the  networking  group.  How  will  AON  affect  the  network 
staff  and  other  groups  that  manage  applications  and  data  center 
equipment  in  large  businesses? 

From  lessons  like  voice  and  storage,  we’ve  learned  a  lot 


about  how  new  kinds  of  products  are  accepted  by  cus¬ 
tomers,  and  who  we  are  actually  going  to  be  selling  to. 

Among  our  customers,  we  find  a  clear  delineation  of  roles 
between  network  groups  and  applications  management 
groups.  So  there  are  two  separate  sides.  The  networking 
group  doesn’t  necessarily  control  certain  pieces  of  network 
equipment,  such  as  load  balancers  or  data  center  switches. 
And  it’s  not  the  application  group’s  responsibility  to  control 
what’s  inside  a  switch  or  router. 

But  the  deployment  of  AON-based  products  will  involve 
both  groups.They  do  need  to  work  together.  Now  the  job  of 
the  networking  group  will  be  to  push  AON  policies  to  the 
switch.  So  there  will  have  to  be  some  kind  of  a  hand-over 
point  from  the  applications  group  to  the  network  staff.  It  is  a 
shift,  which  can  be  valuable,  but  we’re  not  going  to  force  it 
artificially  on  customers  that  are  not  ready 

By  bringing  middleware  functions  into  network  hardware,  is  Cisco 
potentially  taking  away  business  from  the  software  vendors  you're 
planning  to  partner  with? 

Pbtentially  there  could  have  been  some  kind  of  issue  there 
if  we  did  not  bring  in  the  partners  we  did  early  on  in  the 
process.  Because  we  reached  out  to  everyone,  we  were  able 
to  determine  where  this  kind  of  technology  makes  sense. 
This  is  not  about  force-fitting  anything.  From  a  middleware 
vendor’s  perspective,  this  is  a  useful  technology  they  can  use 
to  help  customers.  We  have  very  productive  relationships 
with  IBM  and  Tibco.and  others  will  develop  over  time. 

So  1  don’t  see  a  conflict. You  can  always  ask  this  kind  of 

See  Cisco,  page  20 


Riverbed  keeps  remote  offices  up 


BY  TIM  GREENE 

Riverbed  Technology  is  upgrading  its 
WAN  acceleration  appliance  software  to 
help  customers  keep  corporate  files 
available  to  remote  workers  if  WAN  con¬ 
nections  fail. 

Riverbed’s  Steelhead  appliances 
placed  at  either  end  of  wide-area 
connections  already  use  a  variety 
of  means  to  speed  up  performance  on 
those  links  but  can  now  serve  files 
locally  even  if  the  connection 
between  branch  sites  and  central 
servers  is  broken. 

Similar  to  capabilities  announced  recent¬ 
ly  by  Tacit  Networks  (www.network 
world.com,  DocFinder:  8031),  Riverbed’s 


new  Proxy  File  Services  feature  in 
Steelhead  2.0  software  lets  customers  des¬ 
ignate  which  files  should  remain  accessible 


Riverbed's  Steelhead  device  keeps  remote  users 
connected  even  when  there  are  WAN  problems. 

during  outages  and  how  extensive  the 
access  should  be. 

For  example,  a  file  can  be  designated  for 


read-only  access,  read/write  access  or  no 
access  in  the  event  of  a  WAN  failure. This 
capability  defaults  to  a  global-access  set¬ 
ting,  which  means  files  can  be  accessed 
only  directly  from  the  server  storing 
them.  Local  storage  mode  places  a  copy 
of  a  file  on  a  local  Steelhead  device 
where  it  can  be  accessed  and  altered. 
Broadcast  mode  places  a  file  on  multi¬ 
ple  Steelheads  but  allows  users  to  only 
read  them,  the  company  says. 

“It’s  not  an  all-or-nothing  proposition,” 
says  Steve  Duplessie,  an  analyst  with 
Enterprise  Strategy  Group.  If  all  files  were 
stored  at  the  local  server  and  had  to  be 
updated  periodically,  that  could  clog  the 
See  Riverbed,  page  20 
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AON:  An  ‘all  or  nothing’  approach? 


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 


Not  satisfied  with  being  the  pre¬ 
eminent  network  hardware  ven¬ 
dor  on  the  planet,  Cisco  leaps  to 
the  top  of  the  stack  with  its  new 
Application-Oriented  Networking 
strategy  If  the  network  giant  suc¬ 
ceeds,  competitors  might  view 
AON  to  mean  ‘All  Over  Now”  as 
Cisco’s  lock  on  most  corporate 
networks  could  turn  into  a  stran¬ 
glehold. 

For  a  company  such  as  Cisco, 
future  well-being  is  tightly  cou¬ 
pled  with  growth.  And  when  you 
own  the  lion’s  share  of  the  exist¬ 
ing  “lower  stack”  market,  you  real¬ 


ly  can  only  find  that  growth  by 
creating  a  new  market  and  then 
dominating  it.  The  notion  of  hav¬ 
ing  network  gear  that  interacts 
directly  with  applications  is  not 
an  incremental  approach  at 
broadening  a  space,  but  goes 
right  to  the  goal  of  establishing 
Cisco  not  just  as  a  key  player  in  IT 
networks,  but  crucial  in  IT  — 
period. 

Perhaps  Cisco  was  motivated  by 
its  recent  success  in  penetrating 
the  VoIP  application  arena 
against  a  telephony/PBX  industry 
that  had  gained  locks  on  their 
accounts,  in  some  cases  decades 
before  Cisco  even  came  into 
existence.  If  it  could  make 
progress  under  those  circum¬ 
stances  then  “create  and  domi¬ 
nate”  in  a  new  space  might  seem 
like  a  relative  breeze. 

While  “content”  networks  have 
been  around  for  a  few  years  and 


application-oriented  firms  — 
usually  focused  on  XML  —  such 
as  Forum  Systems,  Datapower 
and  Sarvega  have  gotten  a 
foothold  in  the  industry,  CIO- 
awareness  of  their  brands  and 
offerings  is  nothing  compared 
with  Cisco.  Now,  just  to  keep  up 
with  Cisco,  will  companies  such 
as  Alcatel  and  Nortel  be  almost 
forced  to  try  to  snap  up  one  of 
these  firms? 

What  is  there  to  read  between 
the  lines  here?  Is  it  a  tacit  admis¬ 
sion  by  Cisco  that  its  fundamen¬ 
tal  value  proposition  has  been 
seriously  eroded  in  recent  years? 
Is  the  company  admitting  that 
Layer  2/Layer  3  gear  from  any 
number  of  vendors  can  provide  a 
decent  corporate  infrastructure? 
In  Cisco’s  AON  press  release,  the 
obligatory  analyst  quote  from 
Gartner  speaks  disparagingly  of 
the  “conventional  architecture, 


[where]  intelligent  application 
systems  interact  through  a  low- 
function,  fairly  ‘dumb’  network.” 
Considering  that  most  networks 
are  Cisco-architected  networks, 
he  is  saying, “Well,  there  is  nothing 
special  about  any  network  — 
until  you  make  it  smart.”  Isn’t  he? 
Then  what  have  we  been  con¬ 
cerned  about  all  these  years? 
Never  mind. 

That  said,  there  are  several 
scary  elements  for  vendors  and 
end  users  about  the  AON  strategy. 
For  starters,  while  the  press 
release  is  gargantuan  at  more 
than  1,800  words,  one  word  you 
won’t  find  in  it  is  “open”  —  as  in 
open  standards.  The  word  “stan¬ 
dard”  does  appear  twice  but  only 
for  referencing  data  exchange 
standards  in  vertical  markets. 

So  in  this  world  of  IETF  ITU  and 
IEEE  —  Cisco  is  going  it  alone. 
The  Industry  Support  section  of 


the  release  lists  some  nine  appli¬ 
cation  vendors  that  support  the 
program,  but  Cisco  apparently 
doesn’t  feel  that  having  even  a 
single  other  network  vendor  on 
board  matters.  Furthermore, 
Cisco  doesn’t  state  that  it  will 
make  any  of  its  “transformation” 
logic  public. 

So  what  could  be  coming 
down  the  pike?  The  ultimate 
vendor  lockout.  With  Cisco  sell¬ 
ing  top  brass  on  the  AON  notion 
and  then  being  the  sole  suppli¬ 
er  of  AON-capable  switches  and 
routers,  the  buying  decision 
becomes,  perhaps,  a  simple 
AON  or  no-AON  one.  Scary 
thought. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company.  He 
can  be  reached  at  ktolly@ 
toHy.com. 


Riverbed 
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WAN  links  that  the  Riverbed  boxes  were  installed  to  keep  free, 
he  says  “It’s  going  to  take  up  some  space.This  [feature]  helps 
to  fine-tune  the  wire.” 

For  architectural/engineering  firm  Blakely  Johnson  & 
Ghusn  in  Reno,  Nev.,  the  local  file  serving  not  only  protects 
against  WAN  outages  but  speeds  general  file  access,  says 
Ron  Maxwell,  IT  manager  for  the  firm,  which  has  removed 
file  servers  from  its  Las  Vegas  branch  office  in  an  effort  to 
reduce  confusion  among  different  versions  of  files.“Instead 
of  going  across  the  WAN  to  the  main  office  and  grab  files 
and  bring  them  back,  they’ll  go  to  a  local  file  server"  he  says. 

Riverbed  is  also  adding  TCP  acceleration  to  the  device, 
improving  performance  across  IP  networks  by  making  less- 
pronounced  reductions  in  sending  speed  when  lines 
become  congested  and  by  returning  to  full  speed  more 
quickly  when  congestion  clears,  making  effective  through¬ 
put  subject  to  less  dramatic  and  prolonged  swings. 
Duplessie  says  TCP  acceleration  is  already  implemented  by 
competing  vendors  such  as  Tacit,  Swan  Labs  and  Juniper. 

Steelhead  2.0  adds  acceleration  for  Microsoft  SQL  traffic 
over  and  above  TCP  acceleration.  Many  protocols  require 
many  back-and-forth  transactions  that  can  result  in  delay. 
By  having  local  Steelhead  machines  respond  as  if  they  were 
the  remote  database,  some  of  these  transactions  don’t  have 
to  cross  the  WAN,  improving  response  time. 

Riverbed  also  is  introducing  the  Steelhead  2510  and  3510. 
Both  are  based  on  existing  Steelhead  hardware  but  have 
software  that  supports  larger  WAN  links  and  more  simulta¬ 
neous  TCP  sessions  than  current  models.The  2510  supports 
6M  bit/sec  WAN  links  and  1,500  TCP  sessions  and  costs 
$24,000.The  3510  supports  20M  bit/sec  WAN  links  and  2,400 
TCP  sessions  and  costs  $39,000.  Both  are  available. 

Riverbed  also  offers  customers  the  option  to  upgrade  cer¬ 
tain  models.  A  Steelhead  510  can  be  upgraded  to  a  1010  for 
$4,200;  a  2010  can  be  upgraded  to  a  2510  for  $7,200;  and  a 
3010  can  be  upgraded  to  a  3510  for  $7,200.B 


Cisco 

continued  from  page  19 

question  when  you’re  in  an  evo¬ 
lutionary  point  in  the  industry 
When  middleware  vendors  see 
the  value  AON  provides  them,  the  benefits  will  be 
clear. 

There  are  so  many  problems  to  be  addressed  in  Web 
services  and  SOA  applications. The  entire  pie  of  poten¬ 
tial  IT  spend  on  technology  and  services  for  tying 
applications  together  is  so  large,  it  way  exceeds  any 
kind  of  revenue  that  these  vendors  would  see  by 
installing  middleware  servers  that  do  the  tasks  that 
AON  products  perform. There’s  plenty  of  IT  spend  to 
go  around  for  everyone. 

What  is  the  technical  advantage  of  an  AON  blade  in  a  router 
or  switch  vs.  an  IBM  BladeCenter  running  middleware  soft¬ 
ware? 

There  are  a  number  of  advantages  of  an  integrated 
network  offering.  One  of  them  is  the  consolidation  you 
have  in  the  switch  in  the  data  center  somewhere. You 
could  already  have  a  switch  in  the  DMZ  or  behind  the 
firewall. 

So  that’s  the  point  at  which  you  can  enforce  policies. 
There’s  no  way  of  getting  around  that  —  you  have  to 
go  through  those  switches  in  the  network.  In  the  other 
model,  XML  traffic  has  to  be  specifically  sent  to  the 
software  running  on  a  blade  server.  And  do  you  really 
want  to  put  a  BladeCenter  in  the  DMZ? 

You  also  have  special-purpose  hardware  with  the 
Catalyst  switches  and  routers.Those  are  routing  sys¬ 
tems  that  have  been  designed  to  put  more  and  more 
services  into  them,  whereas  BladeCenter  equipment  is 
basically  a  general-purpose  computing  platform. 

We’ll  also  be  introducing  specialized  hardware  appli¬ 
ances  later  on  this  year  to  run  AON  services,  which 
can  run  inside  the  data  center  with  servers. 


What  is  the  difference  between  what  AON  does  and  Layer  7 
switching? 

Layer  7  switching  doesn’t  really  speak  the  language 
of  applications.  It’s  like  someone  from  England  who 
goes  to  France. You  might  go  to  France  and  be  able  to 
say“bonjour,’’“oui’’and“non,”and  you  might  be  able  to 
manage. 

And  that  knowledge  is  invaluable,  just  speaking  those 
few  words  can  get  you  by  But  you  can’t  really  get  a  job 
in  France  with  that,  like  if  you  wanted  to  become  a 
psychiatrist  in  France. 

So  you  have  to  understand  the  whole  language.  So 
that’s  the  big  difference;  AON  products  understand  the 
actual  message  content,  not  just  the  HTTP  headers 
here  and  there. 

Although  there  is  still  a  very  valuable  role  that  Layer 
7  switches  play,  because  they  have  a  very  high  level  of 
scalability. These  are  point  products  you  install  to  bal¬ 
ance  loads  across  servers.  There  are  some  similarities. 
But  having  the  ability  to  tell  the  difference  between  a 
$9  million  purchase  order  and  a  $9  purchase  order  — 
data  that  is  deeply  embedded  in  the  text  of  an  XML 
message  —  is  something  different. 

Is  AON  one  of  Cisco  Advanced  Technology  groups,  which  John 
Chambers  often  alludes  to?  Does  this  business  have  billion- 
doilar  potential,  which  is  Cisco's  criteria  for  an  Advanced 
Technology? 

We’re  not  going  to  deal  with  the  issues  of  numbers 
and  revenue  expectations  now,  or  whether  AON  is  an 
actual  Advanced  Technology  because  that  would  be 
in  implicit  statement  about  revenue  expectations. 

We’re  not  dealing  with  that  issue  now,  but  you  can 
see  that  we’re  excited  about  this  technology.  But  to  get 
into  discussions  this  point,  before  the  product  is  even 
available,  is  premature  and  too  presumptuous.  ■ 
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Short  Takes 


City  finds  big  savings  in  Linux 


Relying  on  Linux 


By  running  Linux  thin  clients,  the  city  and  county  of  Kenosha,  Wis.,  saves 
thousands  of  dollars  in  management  and  support  costs.  A  look  at  how  it  works: 


Linux  Neoware  Eon  thin  client 
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Linux  server 


Application  server 


n  An  end  user  logs  onto  an  embedded  Linux  Neoware  Eon  thin  client  with  a  user  ID  and  password. 

B  The  thin  client  connects  to  a  remote  Linux  server  and  the  user  ID  and  password  are  validated  through  Light¬ 
weight  Directory  Access  Protocol,  which  configures  the  client  system  and  makes  the  user's  files  appear  local. 

B  When  the  user  kicks  off  an  application,  such  as  a  payroll  application,  it  is  loaded  from  an  application  server, 
also  running  Linux. 

The  application  then  runs  in  a  typical  client/server  configuration,  where  data  is  sent  back  and  forth  over 
the  network,  except  that  windows  are  managed  locally  so  that  processes  such  as  mouse  moves  and  screen 
refreshes  do  not  traverse  the  network. 


■  IBM  has  unveiled  a  cooling  system 
that  executives  say  can  cut  server 
heat  output  by  as  much  as  55%, 
allowing  corporate  users  to  pack 
more  processing  power  in  smaller 
spaces.  Code-named  “Cool  Blue,"  the 
technology  is  a  rear  door  for  standard 
42U  racks  from  IBM  that  uses  chilled 
water  from  existing  data  center  air- 
conditioning  systems  to  cool  hard¬ 
ware  and  dissipate  heat.  Officially 
called  the  IBM  eServer  Rear  Door 
Heat  eXchanger,  the  product  is  made 
up  of  sealed  tubes  filled  with  chilled 
water.  The  Heat  eXchanger  starts  at 
just  less  than  $4,300. 

■  Acopia  is  expanding  the  capabili¬ 
ties  of  its  network-attached  storage 
virtualization  product  with  the  addi¬ 
tion  of  a  global  namespace,  load 
balancing  and  new  software  to 
manage,  configure  and  monitor  its 
ARX500  appliances.  Its  load-balanc¬ 
ing  technology  allows  ARX500  appli¬ 
ances  to  be  clustered  and  be  more 
highly  available.  The  ARN  (Adaptive 
Resource  Network)  Manager  is 
used  to  configure,  monitor  and 
manage  the  ARX  appliance.  The 
ARN  Site  Analyzer  allows  IT  to 
inventory  the  file  resources  man¬ 
aged  by  the  ARX500  and  analyze 
them.  The  drives  are  expected  to  be 
available  next  month.  The  company, 
founded  by  Cheng  Wu,  says  its 
global  namespace  gives  customers 
the  ability  to  deploy  failover  ser¬ 
vices  between  sites  and  allows  the 
scaling  of  distributed  data.  The 
Acopia  ARX500  starts  at  $25,000. 

■  IBM  is  expanding  the  storage 
capability  of  its  TotalStorage 
DS8000  and  DS6000  systems  by 
adding  146G-byte  drives  that  operate 
at  15,000  rpms.  These  drives  will 
complement  IBM’s  15,000-rpm  736- 
byte  drives  and  its  146G-  and  3006- 
byte  10,000-rpm  drives.  The  15,000- 
rpm  drives  will  be  used  for  storing 
applications  that  require  high  perfor¬ 
mance  and  availability,  while  the 
10,000-rpm  drives  can  be  used  to 
store  less-critical  data.The  DS6000 
and  DS8000  start  at  $97,000. 


BY  JENNIFER  MEARS 

uth  Schall  remembers  when  vendors 
and  fellow  IT  directors  would  look  at 
her  network  and  scratch  their  heads. 

“I  would  get  calls, and  people  would  think 
we  were  freaks.  They’d  say  ‘What  are  you 
doing?”’  recalls  Schall,  director  of  MIS  for 
the  city  of  Kenosha,  Wis.  “But  people  don’t 
consider  us  quite  so  strange  anymore.” 

Now,  instead  of  expressing  surprise  at  the 
broad  use  of  Linux,  Kenosha’s  peers  are 
calling  for  advice.  “It’s  been  interesting  to 
watch  the  evolution.  Now  we  have  people 
call  and  say ‘Can  we  come  in  and  see  what 
you’re  doing?”’ she  says. 

Kenosha,  a  city  of  about  100,000,  was  on 
the  bleeding  edge  when  it  began  deploying 
Linux  nearly  a  decade  ago.  The  city  had 
been  a  Unix  shop,  but  as  IT  demands 
became  more  dynamic  and  more  depen¬ 
dent  on  the  Internet,  Schall  decided  that 
instead  of  buying  more  Unix  boxes,  it  was 
time  to  look  at  an  inexpensive  alternative. 

“We  started  bringing  in  Linux  for  our  Web 
servers,  our  mail  servers,  DNS,” she  says.“We 
had  read  about  how  stable  [Linux]  was 
and  we  wanted  to  see  for  ourselves.” 

They  also  wanted  to  see  what  cost  savings 
they  could  achieve.  A  study  Schall  con¬ 
ducted  years  ago  showed  that  the  city  aver¬ 
aged  savings  of  about  $100,000  a  year,  and 
she  believes  it  could  be  higher  today 

Much  of  the  savings  comes  from  Linux 
being  easier  to  monitor  and  manage,  espe¬ 
cially  on  the  desktop.  “Without  Linux,  we 
wouldn’t  be  able  to  get  by  with  the  people 
we  have,”  Schall  says. 

Schall’s  full-time  staff  of  four  manages 
about  300  client  devices  and  about  20 
servers  for  19  departments,  many  of  which 
are  remote.The  remote  sites  are  connected 
via  private  lines  or  DSL.  The  servers  run 
more  than  a  dozen  homegrown  legacy 
applications,  including  systems  for  tax 
receipts,  payroll  and  water  bills. 

Today  most  of  the  city’s  servers  are  from 
Penguin  Computings  firm  founded  in  1998 
that  specializes  in  Linux  servers.  Its  client 
devices  are  Neoware-embedded  Linux  thin 
clients  (see  diagram)  that  run  a  variety  of 
open  source  applications,  including  Open 
Office. The  city  uses  Red  Hat  Linux. 

Schall  says  there  were  no  major  issues 
with  the  migration  to  Linux  on  either  the 


server  or  the  desktop.  The  city  never  used 
Microsoft  on  the  desktop  and  so  is  in  the 
process  of  transitioning  from  WordPerfect 
to  OpenOffice. 

“For  the  most  part,  everybody  is  happy/ 
says  Schall,  who  adds  that  OpenOffice  inte¬ 
grates  smoothly  with  Microsoft  Word  and 
Excel  documents. 

A  key  benefit  of  using  open  source  appli¬ 
cations  such  as  OpenOffice  and  the  Firefox 
Web  browser  is  that  they  are  platform  inde¬ 
pendent,  says  Tig  Kerkman,  Kenosha’s  net¬ 
work  administrator. 

“So  my  users  can  download  OpenOffice 
for  free  and  use  it  at  home  on  whatever 
hardware  they  have,”  he  says. 

As  for  the  server  side  of  things,  Kerkman 
says  migration  has  been  pain  free. 

“As  we  grew,  I  haven’t  really  hit  a  road¬ 
block  saying,  ‘Oh,  I  can’t  do  this  because 
we’re  running  Linux,’”  he  says. 

Still,  when  Kenosha  first  deployed  Linux  it 
was  careful  to  find  a  hardware  partner  that 
knew  Linux  inside  and  out. 

“At  the  time  we  were  also  talking  [with  a 
major  systems  vendor]  that  was  talking 
about  selling  Linux.  But  it  became  apparent 
that  they  had  certified  machines  for  Linux, 
but  they  didn’t  know  anything  about  it,” 
Schall  says.“I  wanted  somebody  who  knew 


a  lot  about  it  so  that  if  we  needed  help,  we 
would  be  able  to  find  it.” 

Schall  notes  that  brand-name  vendors 
such  as  HP  and  IBM  are  big  Linux  backers, 
but  she  has  stayed  with  Penguin  because 
hardware  prices  from  the  bigger  firms  have 
only  recently  come  down. 

“Businesses  and  governments  are  some¬ 
times  afraid  [of  Linux]  because  they’re 
unsure  where  the  support  is  coming  from,” 
she  says.  “I  say  don’t  ever  be  afraid  of  that, 
because  when  you  need  the  support,  it’s 
out  there  in  the  form  of  the  open  source 
community.  It’s  much  better  than  anything 
we’ve  ever  paid  for? 

Schall  is  starting  to  look  up  the  stack 
when  it  comes  to  open  source. 

Most  of  Kenosha’s  applications  are  writ¬ 
ten  in-house,  but  the  city  uses  Linux-based 
routers  and  firewalls. 

Schall  says  she’s  looking  at  possibly  bring¬ 
ing  in  MySQL  as  the  city’s  first  database. 

Even  Kenosha’s  lone  Windows  server 
might  be  on  its  way  out. The  server  runs  a 
handful  of  applications,  including  a  propri¬ 
etary  Housing  Authority  application. 

“The  plan  is  to  move  this  to  Linux,’ 
Kerkman  says.“They  also  have  budget  con¬ 
cerns  and  are  looking  at  simplifying  things 
and  making  it  open  source."  ■ 
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Start-up  adds  continuous  data  protection  software 


BY  DENI  CONNOR 

Start-up  Kashya  last  week  up¬ 
graded  its  data  replication  appli¬ 
ance  by  adding  continuous  data 
protection  software  that  lets  cus¬ 
tomers  combine  the  off-site  pro¬ 


tection  of  data  with  local  back¬ 
up  capability 

The  KBX5000  CDP  appliance, 
which  sits  in  the  network  be¬ 
tween  the  storage-area  network 
(SAN)  and  the  WAN  router,  uses 


rules  the  IT  administrator  sets  to 
govern  the  replication  of  data  or 
the  backup  to  local  storage.  It 
allows  customers  to  save  money 
by  replacing  SAN-based  software 
and  hardware,  such  as  EMC’s 


TimeFinder  replication  software, 
McData’s  UltraNet  Edge  Storage 
Router  and  EMC’s  NetBackup 
software,  with  an  integrated  soft¬ 
ware-based  appliance. 

The  KBX5000  CDP  allows  data 


recovery  locally  or  remotely  at 
any  time.  For  instance,  for  normal 
recovery  of  data,  IT  administrators 
may  use  the  local  image,  while  in 
the  event  of  local  data  failure,  they 
might  retrieve  that  data  remotely 
Arun  Taneja,  senior  analyst  for 
theTaneja  Group,  says  that  adding 
this  capability  to  the  KBX5000 
makes  sense.  “Since  you  are  col¬ 
lecting  the  information  to  put  out 
over  the  WAN,  why  not  take  it  and 
create  a  back-up  product  out  of 
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Short  Takes 


■  Oracle  last  week  released  a  plug-in 
for  Visual  Studio  .Net  2003  that  lets 
customers  using  the  Microsoft  tool 
kit  build  applications  for  Oracle's  lOg 
database.  The  software  is  part  of  a 
broader  effort  by  Oracle  to  increase 
sales  of  its  database  software  on 
servers  running  Windows.  Microsoft's 
SOL  Server  was  the  most  widely 
used  database  on  Windows  last  year, 
according  to  Gartner.  The  plug-in  fea¬ 
tures  include  Oracle  Explorer  for 
browsing  and  altering  Oracle 
schemas,  various  designers  and  wiz¬ 
ards,  and  a  PL/SOL  editor  for  editing 
stored  procedures  and  functions 
within  Visual  Studio  .Net.  The  soft¬ 
ware  is  available  as  a  free  download 
from  the  Oracle  Technology  Network, 
at  www.networkworld.com, 

DocFinder:  8029. 

■  Intentia  has  released  the  latest 
version  of  its  business  applications 
suite.  Release  5.1  includes  additions 
to  Intentia’s  management  tools,  such 
as  new  validation  wizards,  which  are 
aimed  at  reducing  the  cost  and 
administrative  work  involved  in  sup¬ 
porting  the  software.  Intentia  has 
also  added  channel  and  category 
analysis  features,  provided  by 
Cognos'  ReportNet  software,  to  its 
Intentia  e-Sales  application.  Intentia 
targets  the  manufacturing,  distribu¬ 
tion  and  maintenance  industries,  and 
the  update  contains  several  new 
industry-specific  features.  The 
upgrade  is  likely  the  last  for  the  prod¬ 
uct,  as  Lawson  Software  bought 
Intentia  last  month. The  extent  to 
which  Intentia  and  Lawson  will  blend 
applications  is  still  being  determined. 

■  Microsoft  is  set  to  release  the  first 
beta  of  BizTalk  Server  2006  in  the 
next  two  weeks.  The  company  is 
launching  BizTalk  Server  2006  along¬ 
side  SOL  Server  2005  and  Visual 
Studio  2005,  both  of  which  are  expect¬ 
ed  to  be  ready  for  shipment  at  the 
Nov.  7  launch  in  San  Francisco.  With 
BizTalk  Server  2006,  Microsoft  plans 
to  provide  support  for  SOL  Server 
2005,  Visual  Studio  2005  and  Virtual 
Server  2005. 


Microsoft  tunes  SMB  licensing 


BY  JOHN  FONTANA 

Microsoft  is  streamlining  its  licensing  and 
financing  programs  to  simplify  for  midsized 
businesses  the  acquisition  and  mainte¬ 
nance  of  its  software  in  North  America  and 
around  the  globe. 

The  company  is  consolidating  variants  of 
its  Open  Value  licensing  program,  which  is 
targeted  at  midsized  companies,  into  a  sin¬ 
gle  program  that  is  scheduled  to  be  avail¬ 
able  in  October.  Microsoft  says  the  changes 
also  will  help  its  resellers  better  serve  mid¬ 
sized  companies. 

The  changes,  designed  to  make  it  easier 
for  users  to  acquire,  track  and  upgrade  soft¬ 
ware,  are  part  of  Microsoft’s  plan  to  target 
specific  products  and  programs  at  mid¬ 
sized  businesses  —  a  market  it  has  largely 
ignored  but  is  now  targeted  by  rivals  such 
as  IBM.  The  program  will  include 
Microsoft’s  Software  Assurance  (SA),  a 
maintenance  program  to  keep  software  up 
to  date.  In  addition,  Microsoft  plans  on  Sept. 
15  to  announce  improvements  to  SA. While 
it  did  not  give  details,  company  officials  say 
the  improvements  would  be  similar  to 
some  of  the  other  14  SA  benefits,  such  as 
home-use  rights,  that  Microsoft  has  added 
over  the  past  18  months. 

Also,  Microsoft  is  renaming  its  financing 
program  Microsoft  Financing.  The  program 
was  called  Microsoft  Capital  and  grew  out 
of  Microsoft’s  entry  into  the  business  appli¬ 
cation  market. 


Coming  attractions 

Microsoft  has  revamped  its  licensing 
and  financing  programs  to  appeal  to 
midsized  customers. The  new 
licensing  program  begins  in  October, 
while  the  financing  program  is 
available  now. 


Program 

Features 

Open  Value 

•  Consolidated  into  a  single  offering. 

•  Contract  size  cut  in  half. 

•  Expanding  into  new  regions, 
including  Japan. 

•  Streamlined  ordering,  processing. 

Microsoft 

Financing 

•  Name  changed  from  Microsoft  Capital. 

•  Financed  products  must  include 
some  Microsoft  software,  but  also 
can  include  hardware  and  services. 
•Minimum  financing  of  $10,000 
with  no  cap. 

•  Monthly  payment  plans  geared  to 
SMB  market. 

The  baby  enterprise 

“The  Open  Value  agreement  is  like  a  baby 
enterprise  agreement”  says  Alvin  Park,  an 
analyst  with  Gartner.  Microsoft’s  Enterprise 
Agreement  is  a  licensing  program  for  com¬ 
panies  with  250  or  more  PCs. 

Microsoft  officials  say  many  midsized 
businesses  didn’t  qualify  but  were  also  too 


large  for  the  small-business  software  and 
programs  Microsoft  offers,  which  leaves 
midsized  companies  in  a  no  man’s  land. 

“The  open  value  piece  is  for  those  organi¬ 
zations  that  want  to  enter  into  some  kind 
of  company-wide  commitment.They  want 
to  commit  all  their  PCs  to  run  a  certain 
version  of  Microsoft  software,”  Park  says. 

Most  of  the  changes  have  already  been 
started  in  North  America  over  the  past 
months,  but  in  other  areas  Open  Value 
licensing  had  morphed  into  several  vari¬ 
ants,  such  as  multi-year  open  and  open 
subscription  licensing. 

With  the  single  program  users  should  be 
able  to  more  easily  track  licenses  because 
they  will  be  acquired  through  the  Open 
Value  program  only  and  not  a  combina¬ 
tion  of  retail, OEM  and  licensing  programs. 
Users  also  will  be  sent  the  disks  to  install 
the  software  instead  of  having  to  order 
them  through  a  separate  transaction. 

Streamlined  upgrades 

The  Open  Value  program  also  should 
streamline  the  upgrade  cycle  for  users 
because  they  will  have  access  to  software 
upgrades  through  SA.  Microsoft  says  users 
will  be  able  to  smooth  out  costs  with  an 
annual  payment  plan  for  the  three-year 
Open  Value  licenses. 

“Users  will  be  buying  in  volume  rather 
than  piecemeal  ad  hoc,  which  should 
See  Microsoft,  page  24 


HP  pumps  up  ID  management  suite 


BY  DENISE  DUBIE 

HP  last  week  upgraded  three  applications 
in  its  identity  and  access  management 
suite  with  capabilities  that  the  company 
says  will  help  users  set  specific  privacy 
guidelines  and  better  integrate  multiple 
identities  across  disparate  systems. 

At  the  Burton  Group  Catalyst  Conference 
last  week,  HP  announced  upgrades  for  its 
OpenView  software  applications  Select 
Federation,  Select  Identity  and  Select 
Access.  Select  Federation  is  a  gateway  serv¬ 
er  that  lets  users  share  identities  with  busi¬ 
ness  partners  using  standards-based  proto- 
cols.The  company  last  year  struck  a  deal  to 
license  the  technology  from  Trustgenix, 
which  develops  identity  software  that  vali¬ 


dates  user  credentials  on  one  partner  net¬ 
work  to  be  used  for  access  to  services  on 
another. 

HP’s  identity  management  lineup  also 
includes  Select  Identity  provisioning  soft¬ 
ware  that  the  company  acquired  when  it 
bought  Trulogica  in  March  2004,  and  Select 
Access,  Web  access  management  software 
it  acquired  from  Baltimore  Technologies  in 
2003. 

The  company  not  only  upgraded  each 
application  with  automation  and  reporting 
features,  and  additional  standards  support, 
but  it  also  increased  the  integration  among 
the  applications. 

“The  whole  concept  of  managing  identi¬ 
ties  is  a  process,  and  being  able  to  weave 


together  different  process  delivery  mecha¬ 
nisms  such  as  an  access  management  sys¬ 
tem  and  provisioning  tools  can  help  IT 
managers  better  align  their  identity  man¬ 
agement  systems  with  their  business 
process  workflows,” says  Earl  Perkins,  a  vice 
president  covering  security  and  privacy  at 
research  firm  Gartner.  “The  integration 
would  provide  customers  with  a  process 
that  demands  controls  be  applied.” 

The  upgrades  will  also  enable  HP  to  deliv¬ 
er  better  identity  and  access  management 
controls  to  customers  and  better  compete 
with  EMC,  IBM,  Novell  and  Sun,  Perkins  says. 
He  says  HP  products  should  be  able  to  bet¬ 
ter  compete  now  that  the  company  has 

See  HP,  page  24 
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Continuing  deceptions 


WET  INSIDER 

Scott  Bradner 


The  FCC  just  released  the  fifth 
annual  report  on  the  status  of 
“High-Speed  Services  for  Internet 
Access”  in  the  U.S.  and  its  posses¬ 
sions  (www.networkworld.com, 
DocFinder:  8025).  Like  its  prede¬ 
cessors,  this  report  is  fundamen¬ 
tally  misleading  on  a  number  of 
fronts. 

The  FCC  produced  this  report 
and  its  predecessors  because 
Section  706  of  the 
Telecommunications  Act  of  1996 
(DocFinder:  8026)  directed  the 
FCC  to  regularly  “initiate  a  notice 
of  inquiry  concerning  the  avail¬ 


ability  of  advanced  telecommuni¬ 
cations  capability  to  all 
Americans”  and  from  the  results 
of  the  inquiry  determine  “whether 
advanced  telecommunications 
capability  is  being  deployed  to  all 
Americans  in  a  reasonable  and 
timely  fashion."  If  the  answer  is 
ever  no,  the  FCC  is  required  to 
“take  immediate  action  to  accel¬ 
erate  deployment  of  such  capabil¬ 
ity’  The  Act  defined  “advanced 
telecommunications  capability” 
as  “high-speed,  switched,  broad¬ 
band  telecommunications  capa¬ 
bility  that  enables  users  to  origi¬ 
nate  and  receive  high-quality 
voice,  data,  graphics,  and  video 
telecommunications  using  any 
technology’ 

I  have  no  idea  what  Congress  in 
all  of  its  technical  prowess 
thought  it  was  talking  about 
when  it  mentioned  high-speed 
broadband  in  the  Telecom  Act 


but  all  the  network  people  that  I 
know  would  not  consider  any  ser¬ 
vice  of  less  than  1M  bit/sec  as  a 
“high-speed,  switched,  broad¬ 
band  telecommunications  capa¬ 
bility’  In  the  first  of  its  reports 
(DocFinder:  8027)  the  FCC  used 
the  term  “broadband,”  but  it  arbi¬ 
trarily  defined  this  as  a  service 
supporting  at  least  200K  bit/sec  in 
both  directions. 

Maybe  because  it  became  clear 
that  few  observers  agreed  with  its 
use  of  the  term  broadband  to 
mean  such  a  slow  service,  and 
maybe  because  the  numbers 
were  not  going  to  be  all  that 
impressive,  the  FCC  has  now 
dropped  the  term  and  substituted 
“high-speed,”  which  it  defines  as 
at  least  200K  bit/sec,  but  it  only 
has  to  be  in  one  direction  — 
thereby  halving  its  already  low 
requirement.This  is  misleading  at 
best. 


It  seems  like  the  FCC  has  been 
able  to  confuse  (deceive?)  some 
in  the  press  who  touted  the 
growth  in  broadband  usage 
based  on  the  FCC  report.  It  also 
seems  to  have  confused  the  FCC 
chairman,  who  published  an  edi¬ 
torial  in  the  July  7  Wall  Street 
Journal  touting  the  growth  of 
broadband  deployment  in  the 
U.S.  Maybe  no  one  told  him  that 
the  FCC’s  own  survey  just  report¬ 
ed  on  high-speed,  not  broad¬ 
band,  access. 

As  I  mentioned  two  years  ago, 
which  was  the  last  time  I  looked 
at  one  of  these  reports,  (“Reading 
into  the  FCC’s  ’Net  access  stats,” 
DocFinder:  8028),  there  are  a  lot 
of  other  problems  with  the  FCC’s 
approach. 

For  example,  its  very  misleading 
assumption  that  a  single  sub¬ 
scriber  to  high-speed  services  in  a 
ZIP  code  can  tell  you  anything 


about  the  actual  availability  of 
high-speed  (never  mind  actual 
broadband)  service  to  people  liv¬ 
ing  in  that  ZIP  code. 

All  of  the  statistics  in  the  FCC 
report  are  “up  and  to  the  right” 
and  thus  look  good.  It’s  too  bad 
that  it  actually  does  not  tell  us  all 
that  much  about  Internet  service 
that  can  actually  be  used  for 
“high-quality  voice,  data,  graph¬ 
ics,  and  video  telecommunica¬ 
tions.”  Maybe  someday  we  will 
find  out  but  maybe  not  from  the 
FCC. 

Disclaimer:  Most  of  Harvard’s 
stats  are  also  up  and  to  the  right, 
but  I’ve  seen  no  university  opin¬ 
ion  on  the  FCC’s  use  of  such  stats 
so  the  above  is  my  own  rant. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


Microsoft  bolsters  auto  application  software 


BY  ELIZABETH  MONTALBANO 

Microsoft  last  week  unveiled  a  new  ver¬ 
sion  of  its  Windows  platform  for  building 
applications  for  the  automotive  industry. 

At  the  Microsoft  Windows  Automotive 
Conference  2005  in  Yokohama,  Japan, 
the  vendor  released  Windows 
Automotive  5.0,  which  is  based  on 
Microsoft’s  embedded  Windows  CE  5.0 
operating  system. The  software  is  specifi¬ 
cally  aimed  at  custom  development  of 
in-vehicle  applications  such  as  naviga¬ 
tion,  entertainment  and  communication 
systems,  Microsoft  says. 


New  features  include  the  Automotive 
User  Interface  Toolkit  and  expanded  virtu¬ 
al  memory  support  to  enable  the  develop¬ 
ment  of  3-D  graphics  and  sophisticated 
navigation  displays,  Microsoft  says. 
Windows  Automotive  5.0  also  includes 
performance  improvements  such  as 
enhanced  power  management  and  faster 
boot  times. 

Additionally  the  platform  features  a  new 
set  of  development  tools  aimed  at  simpli¬ 
fying  the  creation  of  applications  and 
improving  their  reliability  Microsoft  says. 
The  Automotive  System  Tools  suite 


includes  System  Design  Tool  for  visualizing 
memory  allocation,  usage  and  thread  sta¬ 
tus,  as  well  as  System  Building  Block  Tool 
for  visually  configuring  software  compo¬ 
nents.  The  tool  set  also  includes  test  mod¬ 
ules  and  other  engineering  guidelines  for 
developers. 

Microsoft  has  been  bolstering  its  invest¬ 
ment  in  delivering  software  specifically 
aimed  at  vertical  markets,  and  has  been 
encouraging  its  partners  to  target  them. 

Though  some  partners  have  balked  at  this 
idea  because  it  may  require  them  to 
change  their  business  models,  one  partner 


who  attended  Microsoft’s  recent  Worldwide 
Partner  Conference  2005  in  Minneapolis 
says  he  agreed  with  the  notion. 

“It’s  the  right  thing  to  do,”  says  David 
Hurley  managing  director  for  U.K.  consult¬ 
ing  company  Anglia  Business  Solutions.  He 
says  that  companies  could  accelerate  the 
development  and  deployment  of  applica¬ 
tions  by  honing  them  to  focus  on  the  par¬ 
ticular  business  requirements  of  vertical 
markets. 

Montalbano  is  a  correspondent  with  the 
IDG  News  Service. 


HP 

continued  from  page  23 

upgraded  each  application  and  more  standards  sup¬ 
port,  specifically  adding  Security  Assertion  Markup 
Language  2.0  and  the  Liberty  Alliance  Identity  Web 
Services  Framework  (ID-WSF)  1.1.  For  instance,  sup¬ 
port  for  ID-WSF  1.1  indicates  that  a  vendor’s  software 
can  interoperate  with  other  third-party  software  to 
ensure  identity  management  rules  and  policies  can 
be  enforced  across  loosely  coupled  applications  or 
Web  services. 

Select  Federation  6.5  now  includes  a  feature  that 
lets  companies  offer  customers  a  way  to  set  specific 
privacy  controls  on  their  own  information.  The  soft¬ 
ware  would  provide  end  users  with  a  wizard  or  tem¬ 
plate  with  which  they  could  set  rules  on  a  per- 
attribute  basis. 

HP  also  added  support  for  Select  Identity  3.3, 
which  lets  IT  managers  provide  more  self-service 


capabilities  to  end  users  and  tools  to  make  searching 
and  browsing  thousands  of  identities  more  manage¬ 
able.  The  improved  self-service  and  registration  fea¬ 
tures  offer  end  users  configurable  scheduling  of 
requests  and  the  ability  to  perform  self-service 
actions  such  as  gain  access  to  a  specific  application. 

Lastly  Select  Access  6.1  now  integrates  with  Citrix 
Password  Manager,  which  the  company  says  will 
enable  customers  to  track  audit  log  information  in 
the  HP  OpenView  server  for  compliance  reporting. 

Select  Federation  6.5  is  in  beta  now,  with  expect¬ 
ed  general  availability  in  the  fourth  quarter.  Select 
Identity  3.3  and  Select  Access  6.1  are  available 
now. 

Select  Federation  starts  at  $25,000  per  federated 
partner  or  application  for  the  enterprise  edition. 
Discount  pricing  is  available  for  large  user  volumes. 
Select  Identity  starts  at  about  $40  per  user,  and 
Select  Access  starts  at  about  $7  per  user.  Discount 
pricing  is  available  for  large  user  volumes.* 


Microsoft 

continued  from  page  23 

control  costs,”  says  Sunny  Charlebois,  product  manager  in  Microsoft’s 
worldwide  licensing  and  product  group. 

The  improvements  align  with  changes  Microsoft  made  earlier  this 
year,  including  the  reduction  of  product  licensing  models  from  70  into 
nine  categories. 

The  Open  Value  program  will  have  two  options,  a  company-wide 
license  and  a  subscription  license,  although  the  subscription  option  is 
not  available  in  North  America  or  Canada.  The  company-wide  license 
has  professional  and  small-business  options. 

The  professional  includes  Office  Professional  and  the  core  Windows 
Server  Client  Access  License  (CAL).The  small-business  option  includes 
Office  for  Small  Business  Edition  and  the  Windows  Small  Business 
Server  CAL. 

Microsoft  plans  to  combine  the  licensing  changes  with  financing 
options,  including  reducing  the  size  of  the  contracts  users  must  wade 
through  from  seven  pages  to  two,  implementation  of  new  credit-scoring 
models  and  plans  to  reduce  approval  times  from  days  to  hours,!* 
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DB2.  ONLY  THE  PERFORMANCE  IS  HIGH. 


DB2  has  done  it  again.  According  to  a  Market  Magic  Study, 
DB2  costs  “on  average  22%  less  than  Oracle.”1 

The  Transaction  Processing  Performance  Council  results 
show  that  DB2  and  eServer'  p5-595  are  more  than  twice 
as  scalable  as  Oracle  Real  Application  Clusters,  making 
them  the  overwhelming  performance  and  scalability 
leader  for  TPC-C.2  And  an  ITG  study  showed  overall  costs 
for  Oracle  Database  up  to  four  times  higher  than  DB2.3 

No  wonder  DB2  is  regarded  as  the  leading  database  built 
on  and  optimized  for  Linux';  UNIX*’  and  Windows?  Like 
other  IBM  database  engine  products  such  as  Informix® 
and  Cloudscape;”  DB2  is  part  of  an  innovative  family  of 
information  management  products  that  integrates  and 
can  actually  add  insight  to  your  data. 


It  takes  full  advantage  of  your  existing  heterogeneous 
and  open  environments,  while  its  leading-edge 
autonomic  computing  technology  means  increased 
reliability,  increased  programmer  productivity  and 
decreased  deployment  and  management  costs. 

One  more  thing:  Oracle  desupported  Oracle  Database  8i 
last  year,  meaning  potential  headaches,  higher  cost  or 
a  complete  migration  to  current  versions  of  Oracle. 
Fortunately,  IBM  offers  ongoing,  around-the-clock  service 
and  support  for  DB2. 

Why  not  move  up  to  middleware  that  makes  sense?  Now  you 
can  get  IBM  DB2  Universal  Database  or  Informix  by  taking 
advantage  of  our  extremely  compelling  trade-up  program. 
Visit  ibm.com/db2/swap  today  to  find  out  if  you  qualify. 


DEMAND  BUSINESS 
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SECURE  NETWORKS 


Appliances  replace  DNS,  DHCP  software 


BY  CAROLYN  DUFFY  MARSAN 

In  2004,  the  Slammer  virus  took  the 
city  of  Houston  by  storm.  The  power¬ 
ful,  fast-spreading  virus  penetrated  the 
Red  Hat  Linux  servers  running 
Berkeley  Internet  Name  Domain  software 
that  handled  naming  resolution  for  the 
city’s  Web  sites.  The  airport  system,  public 
library  and  health  department  were 
among  the  many  city  agencies  whose  Web 
sites  suffered  outages  as  a  result  of  the 
virus. 

“The  Slammer  virus  affected  all  the  nam¬ 
ing  resolution  pieces  in  the  cityf  says  Mark 
Whitt,  IS  administrator  for  the  city’s  IT  de- 
partment.“We  couldn’t  get  the  vulnerability 
under  control.  So  we  began  looking  for  a 
device  to  reduce  our  vulnerabilities.”  (See 
related  story,  page  39.) 

Enter  Infoblox,  one  of  several  start-ups 
offering  special-purpose,  hardened  appli¬ 
ances  that  handle  resolution  for  key  In¬ 
ternet  protocols  including  DNS  and  DHCP 
The  city  of  Houston  bought  eight  Infoblox 
appliances  —  which  cost  $54,000  —  that 
will  be  fully  deployed  this  summer. 

“All  of  our  Web  presence  is  using  DNS  ser¬ 
vices  from  Infoblox.  We’re  also  using  Info¬ 
blox  for  our  internal  name  resolution, "Whitt 
says.  “The  performance  has  been  great.  I 
haven’t  seen  any  degradation,  and  we  have 
the  enhancements  of  increased  manage¬ 
ability  and  dynamic  DNS  updates.” 

The  city  of  Houston  is  not  alone.  Many 
organizations  are  replacing  aging  DNS  soft¬ 
ware  and  servers  with  modern  appliances 
that  offer  enhanced  security  and  easier 
management.  Other  organizations  that  have 
made  the  switch  to  DNS  and  DHCP  appli¬ 
ances  include  EMC,  Banker’s  Life  and 
Casualty,  and  Pima  Community  College. 

“We’ve  seen  a  lot  of  renewed  interest  in  IP 
address  management,  DNS  and  DHCP  over 
the  last  18  months,”  says  Dan  Golding, senior 
analyst  with  Burton  Group. 

For  the  last  20  years,  most  IT  shops  have 
used  free  software  such  as  BIND  running  on 
Unix  or  Linux  servers  to  handle  DNS  resolu¬ 
tion.  However,  BIND  as  well  as  free  DNS  soft¬ 
ware  from  Microsoft  are  increasingly  under 
attack  by  hackers. Today,  network  managers 
are  becoming  aware  of  the  vulnerabilities  of 
these  older  software  applications  as  well  as 
the  affect  DNS  or  DHCP  outages  can  have 
on  corporate  productivity 
IP  address  management  “was  very  low 
down  on  the  priority  list,”  Golding  says. 
“People  sort  of  woke  up  one  day  and 
noticed  that  their  authoritative  DNS  servers 


DNS,  DHCP  appliances  at  a  glance 


Company 

BlueCat  Networks 

Infoblox 

INS 

Metalnfo 

Product 

name 

Adonis  250, 500  and  1000 
DNS/DHCP  appliances  and  Proteus 
Enterprise  IP  Address  Management 
appliance. 

Infoblox  1000, 1200  appliances, 

DNS  One  module,  Keystone 
Distributed  Virtual  Services  module. 

IP  Control  Sapphire  eX  and  elO 
appliances  and  IPControl,  NetControl 
and  ImageControl  IP  management 
software. 

Metalnfo  250  and  500  appliance, 
Meta  IP  Enterprise  software,  Meta 
IP  Pro  software  and  Meta  DNS  Pro 
software. 

Description 

BlueCat  offers  a  range  of  appliances 
with  special  high-availability  features. 
Proteus  allows  for  central  control 
over  multiple  Adonis  appliances. 

Infoblox  takes  a  modular  approach 
to  its  appliances,  with  a  common 
operating  system  and  modules  for 
DNS,  DHCP,  Lightweight  Directory 
Access  Protocol  and  RADIUS.  The 
DNS  module  is  for  highly  distributed 
environments. 

INS  is  an  IT  infrastructure  consulting 
organization  that  sells  IP  address 
management  software  and 
appliances. 

Metalnfo  has  been  selling  DNS 
software  for  a  decade  but 
introduced  its  first  appliance  last 
year.  Its  products  focus  on 
centralized  enterprise  management. 
The  company  was  briefly  owned  by 
Checkpoint. 

were  supporting  major  Web  services  and 
were  running  on  Pentium  or  ancient  Solaris 
boxes.  They  were  very  rickety  The  software 
was  old  and  might  have  been  running  on 
Windows.  Then  they  started  reading  about 
all  these  DNS-based  attacks.” 

Some  companies  use  special-purpose  IP 
address  management  software  such  as 
Cisco  Network  Registrar  (CNR),  Lucent’s 
Q1P  or  Nortel’s  NetID.  However,  these  prod¬ 
ucts  are  expensive  to  operate  and  are  infre¬ 
quently  updated.  (Read  our  Technology 
Insider  on  IP  address  management  at 
DocFinder:  8030.) 

“The  older  IP  address  management  plat¬ 
forms  are  software  based,  and  they  require 
systems  administrators,  database  adminis¬ 
trators  and  network  engineers,”  Golding 
says.“They  require  a  team  of  high  priests  to 
keep  them  running, so  it  is  very  expensive.  A 
lot  of  them  require  Oracle  licenses,  too.” 

Without  protocols  such  as  DNS  and 
DHCP  functioning,  corporate  networks 
don’t  work. Web  sites  go  down,  e-mail  won’t 
go  through,  and  mission-critical  ERP  appli¬ 
cations  that  depend  on  the  Internet  won’t 
function. 

“DNS  has  become  critical  to  IP  networks,” 
says  Cricket  Liu,  vice  president  of  architec¬ 
ture  at  Infoblox.  “DNS  is  the  preferred 
method  for  internal  naming,  as  well  as  the 
Internet.  It  handles  resolving  URLs  and 
sending  e-mail.  DNS  is  also  used  by  Micro¬ 
soft  Active  Directory  implementations.  All 
of  a  sudden,  the  dependency  on  DNS  goes 
from  network  domains  to  network  servers 
to  desktops.” 

At  the  same  time  that  DNS  has  become 
more  critical  to  corporate  networks,  it  has 
also  become  more  complex.The  basic  doc¬ 
umentation  for  BIND  is  more  than  100 
pages.  In  addition,  BIND  is  more  vulnerable 


then  ever,  with  the  CERT  issuing  regular 
warnings  related  to  BIND  and  other  DNS-  - 
related  issues. 

These  trends  are  prompting  companies  to 
upgrade  their  DNS  software  and  servers, 
and  these  companies  are  looking  for  an 
offering  that  is  secure,  reliable  and  high  per¬ 
forming.  That’s  where  appliances  enter  the 
picture.  These  hardened  devices  offer  the 
benefits  of  being  inexpensive  and  easy  to 
run  with  low  administrative  and  opera¬ 
tional  expense. 

Among  the  companies  selling  DNS  and 
DHCP  appliances  are  Infoblox,  Metainfo, 
BlueCat  Networks  and  International 
Network  Services.  Most  of  these  appliances 
sell  for  $5,000  to  $10,000.  Vendors  of  these 
appliances  report  that  sales  are  brisk. 

“All  of  these  appliances  are  pretty  high 
quality  Golding  says.The  things  that  differ¬ 
entiate  one  from  the  next  are  how  well  the 
management  works,  how  well  the  high 
availability  works  and  the  pricing.” 

Golding  says  he  recommends  appliances 
for  IP  address  management  to  most  of  his 
clients.  “There  are  some  enterprises  that 
need  the  functionality  that  you  can  only  get 
from  software  like  Lucent’s  QIP  But  for  the 
vast  majority  of  enterprises,  appliances  are 
a  better  fit.” 

The  city  of  Houston’s  Whitt  says  he  chose 
a  DNS  appliance  because  it  offered  tighter 
security  and  was  less  expensive  than  a  tra¬ 
ditional  software-based  package. 

“The  advantage  of  having  an  appliance 
included  out-of-band  management,  in¬ 
creased  meantime  between  failure,  and  it 
reduced  some  of  the  moving  parts,”  Whitt 
says. 

With  its  DNS  and  DHCP  infrastructures  in 
solid  shape,  the  city  is  getting  ready  to  roll 
out  new  applications,  including  VoIP  The 


dynamic  DNS  updates  offered  by  the  Info¬ 
blox  appliances  will  support  these  new 
applications. 

“When  I  have  a  client  device  that  needs  to 
register  with  DNS,  the  Infoblox  appliance 
makes  it  automatic  vs.  the  static  environ¬ 
ment  we  had,  where  we  had  to  have  an 
administrator  create  a  name  and  IP  address 
and  put  it  in  the  proper  zone,”  Whitt  says. 
“Dynamic  DNS  has  been  a  wonder  for  us.” 

Not  all  organizations  choose  DNS  and 
DHCP  appliances  for  security  reasons.  Pima 
Community  College  of  Tucson,  Ariz.,  re¬ 
placed  Cisco’s  CNR  product  with  BlueCat 
appliances  because  of  the  enhanced  fea¬ 
tures  and  technical  support  offered  by  the 
start-up. 

Scott  Ferguson,  principal  analyst  for  net¬ 
work  services  at  Pima  Community  College, 
says  he  ran  into  interoperability  problems 
running  Cisco’s  CNR  software  at  the  col¬ 
lege’s  data  center  in  conjunction  with  ded¬ 
icated  Sun  Netra  servers  at  each  of  its  seven 
main  campuses. 

“The  setup  was  problematic,”  he  says. “We 
had  several  instances  where  the  informa¬ 
tion  wasn’t  transferred  correctly  between 
the  different  servers.  Servers  would  go 
down.  Actually  the  Cisco  product  is  not  that 
difficult  from  a  user  standpoint  to  configure 
or  use,  but  it  seems  to  be  somewhat  propri¬ 
etary  and  it  doesn’t  always  adhere  to  the 
BIND  or  DHCP  standards.” 

Ferguson  evaluated  DNS  and  DHCP 
appliances  from  several  vendors,  but  he 
ultimately  bought  four  BlueCat  appliances 
for  $28,000.  He  installed  two  devices  at  the 
college’s  data  center  in  high-availability 
mode,  a  third  device  was  installed  at  the 
data  center  for  external  DNS  traffic.  A  fourth 
device  is  being  installed  at  the  college’s  dis¬ 
aster-recovery  site.  ■ 
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Sprint’s  devotion  to  wireless  raises  questions 


Stacking  up  wireless  providers 

Sprint's  merger  with  Nextel  will  solidify  the  carrier’s  position  asthethird-largest 
wireless  service  provider. 


Service  provider 

First-quarter  revenue 

Customers 

Q1  Customer  churn 

Cingular  Wireless 

$8.2  billion 

50.4  million 

2.2% 

Verizon  Wireless 

$7.4  billion 

45.5  million 

1.3% 

Sprint 

$3.3  billion 

26  million 

2.5% 

Nextel  Communications 

$3.6  billion 

17  million 

1.5% 

BY  DENISE  PAPPALARDO 

Sprint’s  announcement  last  week  that  it  is 
acquiring  one  of  its  affiliates  underscores 
the  carriers  continued  emphasis  on  its 
wireless  business  —  an  emphasis  that  has 
raised  questions  about  whether  Sprint  is 
fully  committed  to  its  traditional,  landline 
business  customers. 

The  short  answer  to  the  question  is  yes, 


■  Lucent  has  been  awarded  a  three- 
year,  $500  million  contract  by 

MetroPCS  to  provide  3G  CDMA2000 
equipment  to  the  wireless  operator 
for  new  and  current  U.S.  markets. 
MetroPCS  will  deploy  Lucent's  equip¬ 
ment  to  build  out  new  markets  in 
Dallas,  Detroit,  and  Sarasota,  Fla., 
and  expanding  in  Tampa.  MetroPCS 
offers  unlimited  local  and  nationwide 
long-distance  calls  for  a  flat  monthly 
rate  of  $40  in  metropolitan  Miami, 
San  Francisco,  Atlanta,  Sacramento 
and  Tampa.  The  Lucent  products  will 
be  deployed  to  increase  capacity  and 
coverage  in  these  markets. 
MetroPCS  will  deploy  Lucent's 
Flexent  Packet  Switch  and  DMA2000 
IX  and  EV-DO  base  stations.  EV-DO 
provides  speeds  of  up  to  2.4M  bit/sec 
to  support  access  to  applications 
stored  behind  corporate  firewalls, 
including  e-mail  and  intranets, 
according  to  Lucent. 

■  Skype  International  and  Boingo 
Wireless  last  week  announced  a 
partnership  that  will  allow  users  to 
access  Skype's  VoIP  technology  from 
18,000  Wi-Fi  hot  spots  worldwide. 
Available  in  coffee  shops,  bookstores 
and  hotels,  as  well  as  other  public 
places,  Skype  Zones  powered  by 
Boingo  are  geared  toward  business 
travelers  and  wireless  users  seeking 
inexpensive  international  calling, 
Skype  says.  Skype  Zones  offer  VoIP 
users  unlimited  access  to  Boingo’s 
public  broadband  for  $8  per  month. 
Infrequent  users  can  pay  $3  for  a 
two-hour  connection,  the  companies 
said  in  a  press  release. 


according  to  industry  watchers,  but  there  is 
no  denying  Sprint  is  devoted  to  wireless 
since  announcing  its  plans  in  December  to 
merge  with  Nextel  in  a  $35  billion  deal.The 
merger  is  expected  to  close  within  the  next 
couple  of  months. 

The  carrier’s  investments  and  focus  are,  at 
least  publicly  exclusively  on  wireless  from 
an  acquisition  and  product  development 
standpoint. Sprint  is  spending  $1.3  billion  to 
buy  its  second  largest  affiliate,  US  Unwired, 
and  others  could  follow. The  carrier  also  is 
spending  a  healthy  majority  of  its  capital 
this  year  on  wireless.  This  year  the  carrier 
projects  it  will  spend  nearly  $3  billion  on  its 
wireless  network,  about  $900  million  on 
local  networks  and  services  and  about 
$300  million  on  its  long-distance  networks, 
including  IP 

“We  have  a  large  and  robust  IP  network 
today  and  if  you  look  at  investments  we 
made  year  by  year  you  will  probably  see  we 
would  not  be  alone  in  our  slowdown,” says 
Vicki  Warker,  vice  president  of  marketing 
and  products  for  Sprint  Business  Solutions. 

Sprint  has  yet  to  make  a  single  announce¬ 
ment  this  year  that  does  not  include  wire¬ 
less  technology 


BY  TIM  GREENE 

Netli  this  week  is  announcing  a  way  to 
speed  Web  services  across  the  Internet 
with  a  new  offering  that  reduces  the  delay 
in  machine-to-machine  communications. 

Called  NetLightning  for  Web  Services,  the 
new  service  cuts  the  lag  time  when  a  Web 
application  on  one  Internet-connected 
computer  connects  to  another  at  a  differ¬ 
ent  Internet  location  to  access  a  service 
supported  there.  The  company  says  its 
technology  can  reduce  the  delay  across 
the  Internet  by  60%. 

Although  the  time  reduction  is  less  than 
a  second,  that  delay  is  significant  to 
LookSmart,  a  media  and  search  company 
in  San  Francisco,  says  the  company’s  CTO 
Michael  Grubb. 

LookSmart  supports  search  tools  on  its 
customers’  Web  sites  by  accepting  search 
queries  from  users  hitting  the  sites,. search¬ 
ing  for  results  and  returning  those  results 
to  the  customer  via  XML.  The  customer  is 
then  responsible  for  getting  the  response 


What  you  will  find  are  press  releases  that 
include  integrated  services,  such  as  Sprint’s 
EV-DO  service  launch,  and  announcements 
about  customer  wins,  such  as  Ford’s  plan  to 
migrate  8,000  users  exclusively  to  wireless. 
You  will  not  find  an  announcement  that 
solely  refers  to  its  VPN  or  security  services 
or  a  customer  win  that  involves  only  these 
landline  offerings. 

Sprint  is  expected  to  announce  today 
additional  enhancements  for  its  PCS  Data 
Link  service,  supporting  for  the  first  time 


to  the  person  who  registered  the  query. 

“We’re  not  building  and  delivering  the 
Web  page,”  Grubb  says.  “Our  partner  is.  At 
each  step  in  the  chain,  any  latency  is 
added  up  or  even  multiplied  and  deliv¬ 
ered  back  to  the  end  user.”  Any  reduction 
in  delay  helps  create  a  more  satisfied  end 
user,  he  says. 

LookSmart  applies  NetLightning  for  Web 
Services  to  customers  whose  U.S.  servers 
are  far  from  LookSmart’s,  Grubb  says,  but 
not  for  those  where  delay  is  insignificant. 

NetLightning  speeds  traffic  across  long 
stretches  of  the  Internet  by  using  opti¬ 
mized  TCP  between  its  points  of  presence, 
called  virtual  data  centers  (VDC).  Traffic 
traveling  optimized  virtual  trunks  between 
VDCs  is  less  subject  to  delays  than  regular 
Internet  traffic.  NetLightning  for  Web 
Services  is  tweaked  specifically  for  Web 
services  connections,  according  to  Netli 
CEO  Gary  Messiana.  It  costs  a  flat  fee  of 
$8,000  to  $15,000  plus  a  transaction  fee,  he 
says. 


wireless-to-MPLS  network  access  for  busi¬ 
ness  customers. 

“From  an  organizational  perspective, 
Sprint  has  been  focused  on  the  Nextel 
merger,”  says  Lisa  Pierce,  senior  analyst  at 
Forrester  Research.“But  it’s  also  focused  on 
making  headway  with  new  capabilities  like 
MPLS.” 

Another  analyst  agrees.  “From  what  we 
can  see,  Sprint  is  in  the  enterprise  services 
business.  There  has  been  no  change  there,” 

See  Sprint,  page  28 


The  offering  overcomes  one  of  the  short¬ 
comings  of  Web  services.says  Peter  Christy, 
principal  with  NetsEdge  Research  Group. 

“Web  services  were  designed  to  work 
within  enterprises,  deployed  in  data  cen¬ 
ters  in  LANs  and  then  you  put  them  in  the 
cruel  world  where  delay  can  break  them," 
Christy  says. 

Web  services  are  meant  to  reduce  the 
integration  costs  of  applications  and  to 
produce  better  business  processes,  he 
says.  If  application  integration  over  the 
WAN  is  made  more  reliable, “Web  applica¬ 
tions  can  be  more  interesting  and  compli¬ 
cated.” 

Netli  also  is  announcing  seivice-Ievel 
agreements  (SLA)  based  on  performance 
of  applications  between  customer  sites 
across  the  Internet. 

The  SLAs  guarantee  reducing  delay  by 
half  and  will  promise  to  keep  delay  within 
a  certain  tolerance  of  how  the  same  appii 
cation  performs  on  the  customer’s  LAN. 

See  Netli,  page  28 
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Netli  touts  faster  Web  services 
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Netli 

continued  from  page  27 

For  example,  the  SLA  might  say  an 
application  will  perform  at  80%  of 
the  speed  it  does  on  the  LAN.The 
percentage  is  determined  for 
each  application  and  is  depen¬ 
dent  on  what  regions  of  the  world 
the  sites  are  located. 

While  the  SLAs  don’t  offer  blan¬ 
ket  guarantees,  they  do  offer  guar¬ 
antees  of  specific  performance 
for  specific  applications  between 
specific  sites,  which  is  more  than 
other  providers  offer,  Christy  says. 
“It’s  going  to  be  a  long  while 
before  anyone  has  ironclad  guar¬ 
antees  of”  application  perfor¬ 
mance  over  the  Internet,  he  says. 
“When  you  deal  with  multiple 
providers  [as  is  the  case  with  the 
Internet] ,  it’s  hard  to  get  anyone  to 
give  a  guarantee  of  anything.  Netli 
is  actually  taking  responsibility  for 
delivering  your  application.” 

If  Netli  fails  to  meet  the  SLAs, 
customers  get  service  credits, 
Messiana  says. 


Netli  stores  data 

Service  provider  Netli  now  stores  customers'  data  in  its  Offload 
Centers  to  ensure  Web  content  is  available  to  users  quickly 
even  during  periods  of  high  demand. 
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Customer  Web  traffic  is  speeded 
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Frequently  accessed  content  is  stored 
in  temporary  caches  in  the  VDCs. 
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Netli  also  is  now  delivering  its 
previously  announced  offload 
service  that  caches  customer  con- 


Customers  can  also  store  data  at  a 
Netli  Offload  Center  to  reduce  their 
need  for  server  capacity. 


tent  in  Netli’s  network  (see  dia¬ 
gram).  This  reduces  the  need  for 
servers  in  customer  networks  and 
reduces  the  size  of  Internet  con¬ 


nections  between  customer  serv¬ 
er  farms  and  the  Internet  because 
fewer  queries  will  reach  servers  at 
customer  sites,  Netli  says.  ■ 


Sprint 

continued  from  page  27 

says  David  Rohde,  analyst  at  TechCaliber.They  certainly  aren’t  doing  a 
good  job  making  that  clear  publicly  but  they  are  still  in  the  enterprise 
services  business.” 

Sprint  acknowledges  it  has  been  publicly  focused  on  wireless,  but  the 
carrier  says  it  is  committed  to  its  enterprise  business  customers. 

“There  is  a  lot  more  buzz  around  wireless,  but  we  view  the  wireline 
business  as  the  foundation  for  everything  we  do.  It’s  a  strategic  asset  to 
us,”Warker  says. 

One  customer  says  he  has  no  complaints  about  service  levels  or  atten¬ 
tion  from  Sprint  since  the  carrier  announced  its  Nextel  acquisition.  Jim 
Giantomenico,  senior  vice  president  and  CIO  at  Finlay  a  fine  jewelry 
retailer  with  counters  in  more  than  900  department  stores, says  his  team 
is  meeting  weekly  with  the  account  manager  and  several  representa¬ 
tives  in  anticipation  of  network  changes  that  include  using  wireless 
access  to  the  company’s  corporate  network. 

He  says  Sprint’s  merger  with  Nextel  is  a  good  move  in  the  long  term. 
“Any  time  you  have  a  merger  of  this  magnitude  there  is  the  risk  of  tak¬ 
ing  your  eye  off  of  the  ball  in  the  short  term,”  he  says.  But  he  hasn’t 
noticed  any  negative  changes  so  far. 

Warker  says  many  of  Sprint’s  new  wireless  services  and  capabilities 
announced  over  the  past  12  months  are  integrated  with  its  wireline 
business.  She  says  that  Sprint’s  wireless  business  users  are  treated  like 
enterprise  customers.  Examples  include  Sprint’s  service-level  agree¬ 
ments  for  wireless  voice  and  data  services  for  business  users,  and  the 
carrier’s  remote  access  Extended  Workplace  offer  couples  Wi-Fi,  PCS 
and  dial-up  access  from  a  single  client, she  says.  ■ 


CAN  YOU  HANDLE  ALL  THE  DATA  THAT'S  COMING  YOUR  WAY? 

introducing  midrange  storage  with  high-end  functionality.  We  know  what  you're  up  against,  and  it's  a  lot.  An  explosion  of  data,  a  complex  infrastructure, 
and  limited  resources.  Our  new  midrange  modular  storage  solutions  help  you  tackle  these  issues  arid  more. Three  cost-effective  solutions:the  Network  Storage 
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Justice  is  served — for  Ebbers  and  all  of  us 


EYE  ON  THE  CARRIER 

Johna  Till  Johnson 


wenty-five  years  is  a  long 
time.  In  1980, TCP/IP  had  just 
been  invented.  Ma  Bell  still 
ruled  the  telecom  universe.  Cisco 
didn’t  exist,  and  a  tiny  company 
called  Microsoft  had  just  bought 
Disk  Operating  System  (DOS)  soft¬ 
ware  from  Seattle  Computer.  In  the 
world  at  large,  there  was  the  Berlin 
Wall  and  Pink  Floyds  “The  Wall,” 
Ronald  Reagan  was  elected  our 
40th  President,  the  Cold  War  and 
the  Blues  Brothers’  mission  from 
God. 

So  if  ex-WorldCom  CEO  Bernie 
Ebbers  serves  the  full  25-year 
prison  term  to  which  New  York 


Judge  Barbara  Jones  sentenced 
him  last  week,  he  will  on  Oct.  12, 
2030,  walk  out  into  a  world  vast¬ 
ly  different  from  today’s. 

Most  likely,  its  communications 
infrastructure  will  be  unrecogniz¬ 
able  to  the  man  who  once  ran 
one  of  the  most  innovative  com¬ 
munications  networks  in  the 
world.  Pundits  have  predicted  sce¬ 
narios  ranging  from  a  functioning 
interplanetary  IP  backbone  to 
embedded  addresses  in  every¬ 
thing  from  toaster  ovens  to  cans 
of  tuna  fish. 

Hard  to  believe?  Maybe.  But  as  I 
said,  25  years  is  a  long  time  —  long 
enough  to  serve  as  effective  pun¬ 
ishment  for  the  man  who  de¬ 
stroyed  billions  in  life  savings, 
trashed  careers  and  brought  a 
once-proud  company  to  its  knees. 
Even  if  Ebbers  doesn’t  serve  his 
full  term  —  he’ll  be  88  in  2030,  and 
there’s  a  chance  for  early  parole 
—  that  25-year  sentence  signals 


that  justice  has  been  served. 

It’s  not  just  the  prison  time. 
Ebbers  has  been  stripped  of  his 
personal  assets.  Once  worth  more 
than  $1  billion, he’s  down  to  about 
$45  million.  And  even  those  assets 
will  soon  be  distributed  as  partial 
(very  partial)  reparations  to 


WorldCom  investors. 

The  bottom  line  is  that  Ebbers 
lost  it  all:  freedom, wealth, and  pro¬ 
fessional  and  personal  reputa¬ 
tions.  As  I’ve  said  before,  he’s  now 
officially  a  crook.  He’ll  soon  be  a 
jailbird  —  a  fate  that  doesn’t  often 
befall  the  rich,  powerful  and  well- 
connected,  no  matter  how 
heinous  their  offenses. 


But  for  once,  the  system  worked. 
Punishment  needs  to  be  com¬ 
mensurate  with  the  seriousness  of 
the  crime,  or  the  rule  of  law 
becomes  meaningless.  Fortun¬ 
ately  in  this  case,  it  was.  As  Judge 
Jones  said:  “A  sentence  of  any¬ 
thing  less  would  not  reflect  the 


seriousness  of  this  crime.” 

And  as  I’ve  noted  earlier,  the 
most  serious  aspect  of  Ebbers’ 
crime  was  the  destruction  of  pub¬ 
lic  trust.  By  creating  an  atmos¬ 
phere  in  which  leaders  can’t  be 
trusted,  he  did  incalculable  dam¬ 
age  not  only  to  WorldCom  share¬ 
holders,  employees  and  cus¬ 
tomers,  but  also  to  the  entire  legal 


and  economic  structure.  As 
Pulitzer  Prize-winning  journalist 
James  Stewart  wrote:  “Violations 
of  the  law  are  not  victimless 
crimes.  When  [they  occur],  our 
confidence  in  the  underlying  fair¬ 
ness  of  the  market  is  shattered.We 
are  all  victims.” 

Stewart’s  right.  “Paper”  crimes 
have  real  consequences  —  and 
to  some  extent,  we’re  all  Ebbers’ 
victims. 

They  say  Ebbers  cried  when  the 
sentence  was  announced.  I  can 
believe  it.  Twenty-five  years  is  a 
very  long  time  to  be  separated 
from  your  family,  your  friends  and 
your  liberty 

But  it’s  not  too  long. 

Johna  Till  Johnson  is  president 
and  chief  research  officer  at 
Nemertes  Research,  a  leading 
independent  technology  research 
firm.  She  can  be  reached  at 
johna@nemertes.  com. 


He’ll  soon  be  a  jailbird  —  a  fate  that 
doesn’t  often  befall  the  rich,  powerful 
and  well-connected,  no  matter  how 
heinous  their  offenses. 
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Controller,  Adaptable  Modular  Workgroup  Modular  Storage.  Each  built  to  meet  unique  application  requirements.  Each  with  high-end  functionality  from  HITACHI 

our  TagmaStore  platform.Ttffeafni  niiore  about  Hitachi  midrange  modular  storage,  and  how  we  can  be  your  Partner  Beyond  Technology,  visit  www.hds.com/modular  DATA  SYSTEMS 
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WHERE  openminds  MEET  >  > 


explore  >  >  analyze  >  >  gain  >  > 


LinuxWorld  Conference  &  Expo  is  the  world’s  leading  and 
most  comprehensive  event  focusing  on  Linux  and  Open 
Source  solutions.  At  LinuxWorld,  see  and  learn  how  to 
best  leverage  the  technology  for  your  organization. 

>  Explore  your  options  on  the  exhibit  hall  floor,  which  features  the  world’s 
leading  hardware  and  software  vendors. 

>  Analyze  the  latest  Linux  and  Open  Source  technology  and  discover  how 
companies  across  the  globe  can  show  you  how  to  achieve  higher  profits 
and  increase  productivity. 

>  Gain  knowledge  about  best  practices  and  solutions  by  attending 
LinuxWorld’s  outstanding  educational  program. 

It's  the  Linux  &  Open  Source  event  you  can't  afford  to  miss! 


linuxworldexpo.com 


>  Register  Online  With  Priority  Code:  DO  118 
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TlfiHNOUIflY  UPDATE 

■^■nside  look  at  technologies  and  standards 

Classifying  packets  in  a  single  pass 


HOW  IT  WORKS:  Single-pass  packet  classification 

A  multi-function  services  gateway  uses  single-pass  packet  classification  for 
services  processing.  Classifying  packets  only  once  boosts  CPU  efficiency  and 
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Multi-function  services  gateway 


B  Packet  enters  gateway  and  flows  to  the  firewall. 

B  Firewall  performs  single-pass  classification  as  part  of  the  filtering  process,  then  creates  an  index  that  is  forwarded 
with  the  packet  throughout  the  services  gateway  device. 

B  As  deep  content  security  services  such  as  intrusion  detection  and  prevention  begin,  the  device  performs  common 
processes  such  as  URL  extraction  and  normalization  one  time. 

Q  Content  from  the  security  inspection  is  stored  in  a  centralized  content  management  repository  and  retrieved  by 
follow-on  security  services. 

B  The  gateway  performs  routing  and  forwarding  one  time,  and  only  when  the  packet  is  deemed  to  be  fully  safe  and 
legitimate. 


BY  SUDHA  VALLURU 

Packet  classification  and  inspection  — 
categorizing  packets  into  flows  and  check¬ 
ing  headers  to  determine  how  to  handle 
data  blocks  —  are  essential  for  services  pro¬ 
cessing.  Traditional  routers  classify  packets 
by  checking  their  headers  against  access 
control  lists  (ACLs)  to  determine  where  the 
packets  should  go  next.  But  without  ACL 
uniformity  for  different  services,  one  packet 
must  be  classified  and  inspected  multiple 
times. 

Today  vendors  are  consolidating  multiple 
services  onto  a  single  device,  yet  these 
devices  still  classify  packets  one  service  at  a 
time. As  a  result,  consolidated  devices  incur 
more  processing  inefficiencies  and  over¬ 
head  with  every  additional  service.  Single¬ 
pass  classification  and  inspection  can  over¬ 
come  these  problems  and  increase  CPU 
efficiency  by  classifying  packets  for  all  ser¬ 
vices  in  a  single  pass. 

At  the  heart  of  one-pass  packet  classifica¬ 
tion  is  a  single,  flexible,  extensible  syntax 
that  administrators  can  use  to  define  a 
common  classification  and  specify  policies 
for  all  services,  down  to  an  application’s 
payload  level.  This  syntax  also  can  define 
complex  classifications  for  QoS,  anti-virus, 
VoIP  and  other  applications  —  something 
older  syntaxes  cannot  do. 

For  single-pass  packet  classification  to 
work  well,  packets  must  flow  through  a 
multi-function  services  gateway  in  a  cer¬ 
tain  order  to  ensure  that  all  services  are 
performed  at  the  correct  points.  In  multi¬ 
ple-pass  classification,  services  gateways 
send  a  packet  first  to  a  router,  where  the 
first  classification  occurs,  but  this  exposes 


the  router  to  denial-of-service  attacks  or 
other  security  problems.  Once  the  packet 
leaves  the  router  and  goes  to  a  firewall,  it  is 
classified  again, and  so  on  for  every  service 
in  the  consolidated  device.This  uses  up 
CPU  cycles,  increases  system  latency  and 
introduces  more  possibilities  for  errors. 

With  single-pass  packet  classification,  a 
packet  enters  a  firewall  first,  thus  protecting 
all  other  services  in  a  gateway  In  the  fire¬ 
wall,  the  IPSec  service  decrypts  and  classi¬ 
fies  the  packet  —  just  once,  using  the  com¬ 
mon  classification  —  and  attaches  a  tag 
that  contains  information  about  which  ser¬ 
vices  need  to  process  the  packet.The  pack¬ 
et  then  passes  to  a  filter  in  the  services 
gateway  that  accepts  or  denies  it  based  on 
information  in  the  tag. 

From  the  filter,  the  packet  undergoes  a 
denial-of-service  check  and  on  to  an  intru¬ 
sion-prevention/intrusion-detection  system 
(IPS/IDS),  which  not  only  inspects  packet 
content  for  signs  of  intrusion  but  also 
extracts,  normalizes  and  processes  informa¬ 
tion  about  the  content  and  stores  it  in  a  cen¬ 
tralized  content  management  repository 

The  content  repository  is  especially  use¬ 
ful  when  the  packet  passes  to  the  network 
address  translation  (NAT)  service,  since 
NAT  applications  require  a  deep  packet 
inspection  that  searches  content  for  illegal 
statements.  Only  after  the  packet  has  been 
classified,  inspected  and  verified  as  safe 
does  the  gateway  forward  it  to  the  router 
and  on  to  the  internal  network. 

One-pass  classification  and  content 
inspection  is  a  simple  and  elegant  solution 
to  the  piecemeal  processing  approach 
used  by  consolidated  multi-service 


devices,  dramatically  increasing  CPU  effi¬ 
ciency,  decreasing  risk  of  errors  and  mini¬ 
mizing  latency. 


Vallum  is  director  of  software  engineer¬ 
ing  for  NetDevices.  He  can  be  reached  at 
svallum@netd.  com. 


Ask  Dn  Internet  By  Steve  Blass 

' 


Can  I  use  Microsoft  Word  to  create  custom  e- 
mail  messages  with  the  mail  merge  feature  built 
into  Word? 

In  Word  2003  you  can  use  the  mail  merge  feature  to 
generate  customized  e-mail  messages.  At  the  Tools 
menu,  select  Letters  and  Mailings,  then  Mail  Merge. 
This  launches  the  Mail  Merge  wizard.  Under  "Select 
document  type"  choose  “E-mail  messages”  and  click 
“Next."  Under  “Select  starting  document”  choose  to 


either  use  the  current  document,  to  start  from  a  tem¬ 
plate,  or  to  start  from  an  existing  document.  Click 
"Next”  to  move  to  step  three,  where  you  select  the 
recipients.  Under  "Select  recipients”  either  use  an 
existing  list,  choose  from  Outlook  contacts,  or  type  a 
new  list. 

After  making  your  choice  and  clicking  "Next",  it  is  time 
to  write  the  letter.  While  composing  the  letter  there  are 
predefined  mail  merge  fields  for  the  address  block  and 
salutation  available  for  use,  along  with  a  "More  items” 


field  that  lets  you  include  other  fields  defined  in  your 
recipient  list.  After  completing  the  letter,  click  “Next”  to 
preview  the  results  of  the  mail  merge.  After  reviewing 
the  merged  letters  and  adjusting  the  recipient  list  if 
needed,  click  "Next."  Click  "Electronic  Mail,"  enter  your 
subject  line  and  click  "OK”  to  send  the  merged  e-mail 
messages. 

Blass  is  a  network  architect  at  Change@Work  in  Houston. 
Questions  can  be  sent  to  dr.intemet@changeatwoik.com. 
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Phone  fixes 


We  had  been  struggling  to 
connect  our  T1V0  over  our 
newly  installed  Vonage  VoIP 
service  so  that  theTiVo  could  update 
its  programming,  but,  alas,  we  discov¬ 
ered  the  Vonage  service  doesn’t  sup¬ 
port  modem  passthrough  (see  last 
week’s  Gearhead  at  www.  network 
world.com,  DocFinder:  8044). 

We  solved  our  problem  by 
installing  another  phone  jack  and 
doing  some  rewiring  to  connect  that 
jack  to  the  regular  phone  line  that 
comes  with  our  DSL  service. 

Note  that  SBC  doesn’t  offer  “naked”  DSL  yet.This  is  some¬ 
thing  that,  for  the  foreseeable  future,  is  just  as  well  because 
it  is  far  more  likely  that  the  DSL  connection  will  have  a 
problem  than  the  plain  old  telephone  service  (POTS)  line. 

We’re  going  to  remove  long-distance  from  our  POTS  line 
and,  every  service  we  can,  and  just  keep  it  for  emergency 
(as  in  no  power)  and  TiVo  use.  Actually  TiVo,  we  are  told, 
plans  to  offer  support  in  a  future  version  for  operating  com¬ 
pletely  over  TCP/ipthough  we  have  no  idea  when  this  will 
be  available. 

Someone  suggested  that  we  try  a  power-line  phone  jack 
rather  than  “hard”  wiring  back  to  the  regular  working  phone 
line  from  the  jack  near  the  TiVo.  Nice  idea  except .... 

We  checked  out  the  RCA  Wireless  Modem  Jack  Model 
926,  which  is  available  in  many  consumer  electronics 


stores.  As  we  said,  in  theory  using  a  power-line  phone  jack 
sounds  great  but  it  turns  out  that  the  926  can  only  handle 
fax  transmissions. 

Of  course,  the  maximum  signaling  rate  for  fax  machines 
is  28.8K  bit/sec  but  will  fall  all  the  way  down  to  9,600 
bit/sec,  which  means  that  unless  your  PC  or  TiVo  can  toler- 

We  solved  our  problem  by 
installing  another  phone  jack 
and  doing  some  rewiring  to 
connect  that  jack  to  the  regular 
phone  line  that  comes  with  our 
DSL  service. 

ate  really  slow  links,  products  like  the  926  will  not  work. 

If  you’re  looking  to  get  around  your  TiVo-(or  any  other 
modem  device)-over-VoIP  problem  by  using  this  kind  of 
device,  make  sure  you  buy  the  RCA  930  or  the  Phonex  Easy 
Jack  (see  Gearblog  for  links  —  see  Gearblog  for  all  links  in 
Gearhead  at  www.networkworld.com/weblogs/gearblog, as 
well  as  those  in  BackSpin). 

The  Phonex  Easy  Jack  looks  like  one  of  the  best  overall 
choices  because  one  base  unit  can  support  up  to  eight 
remote  telephone  units  (but  for  a  single  line  only), and  you 
can  have  multiple  base  units.  Each  base  unit  is  “paired”  with 


each  of  its  remote  units  so  that  the  connection  between  the 
base  and  the  remote  is  private,  which  makes  the  Phonex 
Easy  Jack  ideal,  for  example,  for  apartment  buildings.  As  far 
as  we  can  determine  none  of  the  RCA  products  support 
this  privacy  feature. 

Even  though  we  had  theTiVo  problem  solved  we  thought 
we  should  take  a  look  at  the  wireless  phone  jack  system 
anyway  We’ve  got  a  building  that  is  some  distance  from  the 
house  and  we’ve  always  wanted  a  phone  down  there  so  we 
had  all  the  excuses  we  needed. 

We  purchased  our  gear  from  Radio  Shack.  It  cost  perhaps 
$5  more  than  schlepping  down  to  Best  Buy  (which  would 
have  cost  us  $5  in  gas  and  at  least  40  minutes  that  we  didn’t 
have  to  spare)  for  the  RCA  equivalent. 

Surprisingly  the  Radio  Shack  Wireless  Phone  Jack  offers 
the  same  pairing  feature  along  with  multiple  remote  units 
but  we  can’t  find  any  documentation  on  how  to  carry  out 
pairing. 

The  system  is  truly  plug  and  play  We  plugged  the  wire 
less  jack  base  unit  into  the  line  and  a  telephone  into  the 
base  unit’s  handset  jack,  we  wandered  down  to  the  build¬ 
ing  and  plugged  in  the  remote  unit.  It  worked. There’s  at 
least  350  feet  of  cabling  that  also  carries  X-10  (remember 
our  irrigation  project?)  and  power-line  Ethernet  connec¬ 
tions,  and  now  a  phone  line,  as  well!  The  fun  just  keeps  on 
coming! 

What  networking  fun  are  you  having?  Tell  gearhead 
@gibbs.com. 
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CoolTools 

Quick  takes  on  high-tech  toys.  Keith  Shaw 


The  scoop:  Mio  269  Mobile  Navigation  System,  from  Mio 
&  Technology  about  $800. 

What  it  is:  Most  portable  GPS  devices  include  a  bunch  of  CD- 
ROMs  with  maps  of  North  America.  Because  of  limited  memory  space  on  the 
devices,  users  must  pick  and  choose  the  map  they  want  and  load  it  up  onto  the 
device  via  their  PC  or  through  a  memory  card,  such  as  a  Secure  Digital  card. The 
Mio  269  includes  a  2.5G-byte  hard  drive  that  comes  pre-loaded  with  maps  of  the 
U.S.  and  Canada. 

The  Mio  269  also  saves  some  of  the  hard  drive  space  (between  500M  bytes  and 
1G  byte), so  users  can  store  MP3  files  and  contact  names.The  MP3  player  lets  users 
listen  to  music  when  they’re  not  navigating,  and  the  contacts  software  lets  them 
click  on  a  contact  address  for  navigation  purposes. 

Navigation  features  include  visual  (2-D  and  3-D)  and  voice  directions  to  a  user’s 
destination,  and  the  mapping  software  includes  more  than  1  million  points  of 
interest,  including  airports,  automated  teller  machine  (ATM)  locations,  gas  stations 
and  restaurants.The  system  has  an  integrated  GPS  antenna, a  rechargeable  lithium 
ion  battery,  1-inch  speaker  and  3.5-inch  color  touchscreen. 

Why  it’s  cool:  Loading  and  unloading  maps  onto  a  portable  GPS  device  was 
always  a  pain,  so  it’s  nice  to  see  a  device  that  already  includes  the  maps  pre- 
loaded  (the  system  comes  with  the  CD-ROMs  in  case  you  need  to  reload  them). 
The  integrated  antenna  on  the  GPS  means  no  breakable  parts,  and  the  system 
found  the  satellites  to  triangulate  my  position  quicker  than  other  devices  I’ve  tried. 

The  mapping  software  was  very  good.  It  gave  me  accurate  directions  to  any  loca¬ 
tions  1  typed  in  and  could  recalculate  a  new  path  if  I  missed  a  turn.  I  also  liked  the 
ability  to  search  for  specific  points  of  interest  and  calculate  a  route  based  on  the 
category  type  rather  than  the  address.  For  example,  I  wanted  to  go  to  the 
Burlington  Mall,  in  Burlington,  Mass.,  but  didn’t  know  the  address.The  software  let 


me  browse  for  area  shopping  malls  and  then 

navigate  specifically  to  that  mall  without  accuracy  and  MP3  playing  capability 
knowing  the  street  address. 

Another  cool  feature  is  the  ability  to  find  the 
closest  “something”  based  on  where  you  are.This 
is  handy  if  you’re  stuck  in  a  city  and  need  to 
find  the  closest  ATM.  Or  when  you’re  hungry 
for  Chinese  food  and  want  a  list  of  restaurants 
and  see  how  far  away  each  one  is. 

The  MP3  player  and  contacts  manager 
were  nice  touches  —  having  the  MP3 
player  on  the  Mio  269  meant  I  could  use 
it  for  something  else  when  I  wasn’t  sitting  in 
my  car  or  wondering  where  I  was.  For  people 
who  have  lots  of  contacts  and  need  to  visit  them  fre¬ 
quently,  the  ability  to  navigate  to  their  addresses  via  the  con 
tacts  manager  was  a  plus.  Thankfully,  software  synchronizes  the  Mio 
269  contacts  manager  with  Outlook,  so  I  didn’t  have  to  re-type  all  my  con¬ 
tacts  onto  the  device. 

Some  caveats:  I  was  disappointed  that  the  MP3  player  was  not  integrated  with 
the  navigation  software.  When  using  the  Navigator  application,  I  couldn’t  listen  to 
my  tunes.  Hopefully  this  will  be  fixed  in  future  versions  so  users  can  multi-task  — 
find  where  they’re  going  and  listen  to  music  at  the  same  time.  Because  the  device 
can  act  like  an  iPod,  users  could  then  connect  an  adapter  that  plays  the  music 
through  a  car’s  speakers. 

The  device  also  froze  a  few  times  in  the  middle  of  a  trip,  requiring  a  reboot. 
Additionally  it  took  some  time  to  get  used  to  the  interface  when  inputting  a  desti¬ 
nation  or  searching  for  a  specific  point  of  interest. 

Grade:  irkirk  (out  of  five) 

Shaw  can  be  reached  at  kshaw@nww.com. 


Do  you  worry  about  .  .  . 


bringing  new  Network  IT  products  to  market? 
reaching  Network/IT  and  Corporate  Managers? 
accelerating  your  sales  cycle? 

getting  your  company's  message  in  front  of  a  powerful  audience  of  Network  IT  buyers? 

Stop  worrying  .  .  . 

when  you  sponsor  a  Network  World  Technology  Tour  and  Expo.  These  dynamic  live 
multi-city  events  will  bring  you  face-to-face  with  the  Network  World  community  —  the 
architects,  strategists,  decision-makers  and  buyers  for  today's  enterprise  networks. 

Network  World  is  now  accepting  sponsorship  bookings  for  2005  Technology  Tours  and 
Expos.  Sponsorships  are  limited  to  guarantee  a  dynamic  experience  for  both  sponsors 
and  attendees  so  act  now. 

Contact  Andrea  D'Amato,  National  Sales  Director,  Events  and  Executive  Forums,  at 

800-622-1108,  Ext.  6520  or  adamato@nww.com 
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June 

June 

July 
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Sept 

Nov/Dec 


Wireless  and  Mobility 

Network  Management/IT  Automation 

Remote  Office  Networking 

WAN  Optimization 

Voice  over  IP/Convergence 

Extended:  Wireless  and  Mobility 

SMB 

Security 

Extended:  Voice  over  IP/Convergence 
IT  Road  Map:  2006 


To  attend  a  Network  World  Technology  Tour  and  Expo  free,  register  at  www.networkworld.com/events 
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SMB  tour  kicks  off 


it 


perimeter  protection  really  becoming  unneces¬ 
sary?” 

“Is  there  a  single  tool  that  can  monitor  data  and 


voice  traffic?” 

“How  can  smaller  businesses  protect  themselves  and  their 
users  from  pharming  attacks?” 

“What  suggestions  does  the  panel  have  for  small  to  mid¬ 
size  businesses  [SMBs]  regarding  data  encryption?” 

“In  an  SMB,  if  you  take  into  account  ALL  the  intangible 
costs  [for  voice,  upgrading  the  network  for  QoS]  and  factor 
in  long-distance  charges  in  the  2-cents-a-minute  range, 
where  is  the  cost  justification  for  VoIP?” 

Those  were  just  some  of  the  thoughtful  and  important 
questions  raised  this  week  by  IT  execs  during  the  first  leg  of 
the  Network  World  Technology  Tour  on  IT  Strategies  for 
Small  to  Mid-Sized  Business. 

The  event  in  Chicago  was  well  attended  and  demonstrat¬ 
ed  that  IT  pros  at  SMBs  face  the  same  issues  as  their  large- 
enterprise  peers.  After  all,  a  security  breach  at  a  500-person 
company  can  be  as  devastating  as  a  security  breach  at 
Citibank.  Spam  and  spyware  and  phishing  and  pharming 
are  just  as  much  of  a  nuisance.  Data  backup  and  recovery 
are  just  as  vital.  And  a  major  architecture  change, such  as 
moving  to  VoIRcan  be  just  as  big  a  deal. 

When  attendees  were  asked  to  name  their  top  concerns 
going  forward,  the  list  included  security  backup  and  data 
recovery,  wireless  networks, VoIP  implementations, server 
upgrades,  spam,  storage,  spyware,  securing  and  encrypting 
mobile  data,  management  of  remote  locations,  growth, 
changing  laws,  storage  management,  data  and  voice  con¬ 
vergence,  authentication  services,  Web  server  application 
tuning,  and  remote  monitoring  of  servers. 

Sound  familiar?  One  difference  between  the  big  guys  and 
the  smaller  companies  is  that  the  little  guys  don’t  have  the 
resources  that  larger  companies  can  muster. This  is  why 
keynoter  James  Gaskin’s  advice  to  SMBs  seems  so  valuable: 

Don’t  try  to  reinvent  the  technical  wheel. 

Leverage  the  experience  of  outsiders. 

Share  knowledge  inside  the  company;  create  searchable 
databases. 

Protect  company  data  with  authentication,  encryption, 
backup  and  disaster  recovery. 

Invest  in  VoIP 

Prepare  for  a  distributed  workforce. 

Manage,  focus  and  train  employees. 

Come  to  think  of  it,  that’s  not  bad  advice  for  companies  of 
any  size. 

Oh,  and  the  answers  to  the  five  questions  posed  by  con¬ 
ference  attendees  above  are:  no;  no;  see  story  on  page  39; 
yes,  wherever  possible;  and  see  last  week’s  story  on  the  ROI 
of  VoIP  (www.networkworld.com,  DocFinder:  8033). 


—  Neal  Weinberg 
Features  editor 
nu>einberg@nww.  com 


OS  matters 

Kevin  Tolly’s  column, “Does  the  OS  matter  anymore?” 
(www.networkworld.com,  DocFinder:  8022)  was  a 
Mac  promo  rather  than  an  explanation  of  the 
premise.The  operating  system  matters  because  of  the 
cost  of  keeping  it.  Let’s  face  it,  if  Microsoft  charged  $20 
to  $30  for  a  reliable  upgrade  and  would  always  offer 
an  option  to  retain  the  previous  interface,  not  many 
of  us  would  care.  The  reason  the  operating  system 
matters  is  because  we  have  been  strong-armed  into: 
(1)  paying  outrageously  high  upgrade  fees  for  some¬ 
thing  most  of  our  users  just  don’t  need,  (2)  paying  for 
support  for  an  unreliable  product,  and  (3)  having  no 
way  to  displace  it  cost  effectively 

The  answer  is  not  a  Mac  (same  problem,  different 
logo). The  answer  is  stability  and  the  option  to  “stay 
where  we  are.”  Half  of  the  workstations  in  my  office 
should  almost  never  need  to  be  upgraded. 

I  am  not  a  “bash  Microsoft”  guy  I  applaud  what  it 
has  accomplished.  But  there  is  a  problem  when 
monopoly  is  combined  with  greed. 

Gary  Lavery 
Executive  vice  president 
GAF  Seelig 
Woodside,  N.Y 

I  enjoyed  Kevin  Tolly’s  column  on  how  the  desktop 
operating  system  isn’t  as  big  of  a  deal  as  it  used  to  be 
—  with  open  source  software  and  freeware  making 
the  desktop  compatible  with  the  back  end. 

My  organization  is  mainly  PC-based;  however,  there 
is  a  strong  Mac  contingent  within  the  faculty  Mac  OS 
X  has  become  a  great  alternative  platform  to  PCs 
that  are  constantly  barraged  by  viruses. With  Mac  OS 
X’s  ability  to  authenticate  against  our  Active 
Directory  and  a  great  cross-platform  product  such  as 
FileMaker,  the  Macs  are  a  snap  to  support.  Really, 
there  are  few  products  that  require  a  PC  here.  In  our 


next  round  of  faculty  computer  purchases,  I  expect 
to  see  a  few  more  “switchers.” 

My  desk  looks  like  the  bridge  of  the  starship 
Enterprise:  My  PowerMac  has  two  displays,  one  for 
Mac,  one  for  Virtual  PC  (which  is  really  just  used  for 
support  issues;  I  use  the  Mac  for  everything  else). 

Jared  Nichols 
Technology  support  specialist:  desktop 
New  England  Conservatory 
Boston 

Showing  some  backbone 

Your  story  “Carriers  push  users  to  move  off  legacy 
nets”  (DocFinder:  8023)  states:  “In  the  past,  customers 
would  use  multiple  services  from  one  carrier  to  en¬ 
sure  redundancy  If  all  traffic  is  sent  over  the  same 
backbone,  users  will  not  have  redundancy  ‘We’ll 
probably  see  more  customers  adopt  a  multi-carrier 
strategy  as  a  result  of  network  consolidation’ 
Gartner’s  David  Willis  says.” 

The  Layer  2  or  3  MPLS  network  will  be  built  on  top 
of  a  dense  wavelength  division  multiplexing  and 
reconfigurable  optical  add/drop  multiplexing  Layer 
1  and  2  backbone  network.This  backbone  will  have 
redundancy  and  recovery  that  should  be  transpar¬ 
ent  to  the  customer.  Ask  your  vendor  of  choice  if  that 
isn’t  the  case.  The  vendor  will  be  real  cagey  when 
answering  questions  about  Layer  1  and  service-level 
agreements  if  the  Layer  1  network  isn’t  as  described 
above.  If  the  vendor  is  unable  to  give  easily  under¬ 
stood,  written  answers,  then  you  should  consider 
going  with  a  different  vendor. 

Stephen  Wyman 
Network  specialist 
Texas  Department  of  Transportation 

Austin 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief.  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  aerification. 
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STRATEGY  SESSION 
Jeff  Kaplan 


Off-target  offshore  outsourcing 


Few  IT  industry  trends  have  been  as  contro¬ 
versial  as  offshore  outsourcing.  By  not  only 
offloading  their  IT  functions  to  third  parties, 
but  also  turning  to  remote  low-cost  outsourcers  to 
gain  the  greatest  savings,  corporations  worldwide 
have  accepted  the  notion  that  many  aspects  of  IT 
are  merely  commodities  despite  the  business 
risks  associated  with  outsourcing.  While  few  firms 
are  equipped  to  handle  all  of  their  IT  functions  on 
their  own,  all  companies  should  be  cautious 
about  a  new  round  of  opportunistic  outsourcers 
trying  to  win  a  piece  of  the  market  with  increas¬ 
ingly  offbeat  business  models. 

One  of  the  most  bizarre  is  SeaCode,  a  venture 
that  will  place  software  engineers  and  application 
developers  on  a  cruise  ship  off  the  coast  of 
California,  where  they  supposedly  will  have  a 
competitive  advantage  over  more  remote  out¬ 
sourcers  in  India,  China  and  elsewhere  (see 
www.networkworld.com,  DocFinder:  8024). 
Although  this  premise  seems  laughable,  many 
corporations  are  so  desperate  to  reduce  expenses 
that  the  idea  of  using  almost  any  means  to  cut  IT 
costs  has  become  plausible  —  despite  the  fact 
that  even  the  most  conservative  forms  of  IT  out¬ 
sourcing  can  be  fraught  with  problems. 


For  instance,  the  benchmarking  firm  Compass 
recently  released  a  report  saying  hidden  “self-sup¬ 
port”  costs  that  arise  when  companies  outsource 
desktop  services  can  triple  previous  in-house  sup¬ 
port  costs.  This  is  because  many  outsourcers 
impose  strict  policies  that  discourage  end  users 
from  submitting  desktop  support  requests  and 
force  them  to  try  to  fix  their  own  problems. 

There  is  no  question  that  outsourcing  is  a  good 

[Many  offshore  out¬ 
sourcers  use]  temporary 
workers  who  have  little 
incentive  to  provide  reli¬ 
able,  quality  services. 

idea  for  many  firms  that  need  to  reduce  operating 
costs  and  improve  IT  operations.  However,  many 
companies  will  be  hurt  by  hastily  following  the 
herd  down  the  outsourcing  path  without  thor¬ 
oughly  evaluating  the  growing  array  of  new  out¬ 
sourcing  providers.  Given  that  various  research 
reports  contend  more  than  half  of  traditional  out¬ 
sourcing  agreements  to  date  have  been  terminat¬ 


ed  or  substantially  restructured  because  they 
failed  to  meet  their  original  business  objectives, 
firms  shouldn’t  plunge  into  new  outsourcing 
arrangements  without  carefully  examining  the  lat¬ 
est  market  entrants. 

As  the  labor  costs  of  established  offshore  out¬ 
sourcers  in  India  and  elsewhere  escalate,  many 
are  searching  for  lower-cost  locations  and  trying 
to  create  less-expensive  service  delivery  methods 
to  remain  competitive.  Unfortunately  the  new  off¬ 
shore  locations  tend  to  be  even  more  remote  with 
fewer  skilled  workers. 

The  greatest  concern  about  the  latest  round  of 
opportunistic  outsourcers  is  that  many  of  these 
providers  openly  admit  they  are  relying  on  tem¬ 
porary  workers  who  have  little  incentive  to  pro¬ 
vide  reliable,  quality  services. While  some  offshore 
outsourcers  offer  valuable  IT  skills  and  services, 
companies  shouldn’t  entrust  any  part  of  their  IT 
operations  to  outsourcers  with  short-term  success 
strategies  based  on  untested  delivery  schemes  or 
transient,  uncommitted  workers. 

Kaplan  is  managing  director  ofThinkstrategies,  a 
consultancy  in  Wellesley,  Mass.  He  can  be  reached 
at  jkaplan  @thinkstrategies.  com. 


REALJTY  CHECK 
Thomas  Nolle 


Does  open  access  matter? 


Last  month  the  Supreme  Court  ruled  that  the 
FCC  was  justified  in  exempting  cable  com¬ 
panies  from  sharing  their  cable  data  service 
with  competitors,  because  they  were  providing  an 
information  service,  not  a  telecom  service.  FCC 
Chairman  Kevin  Martin  then  indicated  the  FCC 
would  take  steps  to  level  the  playing  field  by 
exempting  RBOC  DSL  service  from  the  require¬ 
ment,  too.  Big  government  loves  big  business? 

We  all  should  have  figured  out,  based  on  the 
way  the  competitive  local  exchange  carrier  busi¬ 
ness  model  shook  out,  that  real  competition  isn’t 
having  one  supplier  and  a  bunch  of  resellers  and 
that  a  market  based  on  this  will  eventually  see 
everyone  but  the  supplier  die  or  change  to  a  dif¬ 
ferent  business  strategy  Similarly  if  ISPs  are  really 
companies  that  buy  access  from  an  RBOC  or 
cable  company  and  pay  to  link  to  an  Internet  they 
do  nothing  to  build,  then  they’re  not  contributing 
much  to  the  advance  of  networks  or  creating  a 
survivable  business  model. 

But  beyond  the  historical  lack  of  success  for 
overlay  players  dependent  on  access  to  another 
company’s  infrastructure,  who  cares?  Typical 
Internet  users  probably  know  who  provides  ser¬ 
vice  based  only  on  who  bills  them  every  month. 
Those  who  actually  see  their  ISP  in  some  direct 
way  most  likely  do  so  because  they  use  the  ISP’s 
home  page  as  their  browser  default,  or  because 
their  e-mail  address  has  the  ISP’s  domain  name  in 
it.  In  effect,  the  ISP  is  a  portal  player  that  may  also 
be  getting  some  revenue  from  reselling  access 
and  perhaps  assigning  the  customer  an  IP 


address.  They  become  “access  players”  only  to 
get  control  of  the  customer. 

The  question  is  whether  that  strategy  still  works. 
Portal  players  are  important  because  their  role  as 
the  customer’s  starting  point  for  an  Internet  expe¬ 
rience  guarantees  them  eyeball  share.  As  such, 
they’re  in  a  position  to  sell  you  services  over  the 
Internet  —  a  better  position  than  the  ISP  may  be 
in  if  you,  the  user,  elect  to  point  your  browser 
home  page  somewhere  other  than  the  ISP’s 
home  page. 

Interestingly,  portal  players  such  as  Google  are 

Typical  Internet  users ... 
know  who  provides  service 
based  only  on  who  bills 
them  every  month. 

looking  to  create  their  own  Internet  backbone  by 
peering  not  with  other  ISPs  but  directly  with  the 
access  incumbents, such  as  the  RBOCs  and  cable 
companies.They  want  to  add  value  to  their  offer¬ 
ings  —  the  stuff  they  hope  to  sell  from  their  por¬ 
tals,  including  voice  and  video  —  by  improving 
delivery  performance  to  the  user.  It’s  ironic  that 
portal  players  try  to  build  infrastructure  while 
ISPs  try  to  exploit  the  infrastructure  of  others. 
Viewed  in  this  light,  the  FCC  and  Supreme  Court, 
by  discouraging  the  discredited  overlay  model 
for  the  Internet  market,  might  be  advancing  the 
state  of  the  market  and  even  encouraging  real 
competition  —  from  the  portal  guys. 


So  why  do  the  RBOCs  want  some  form  of  regu¬ 
latory  parity  with  the  cable  companies?  I  think 
it’s  because  of  their  IPTV  offerings.  The  regulato¬ 
ry  framework  for  IPTV  is  much  murkier  than  for 
Internet  service.  Nobody  has  offered  it,  so  it  has¬ 
n’t  been  tested  in  the  courts.  IPTV  also  is  a  big 
competitive  risk.  Video  demands  a  lot  of  high- 
quality,  low-cost  bandwidth.  If  the  RBOCs  had  to 
share  that  bandwidth  with  others,  what’s  to  pre¬ 
vent  those  other  parties  from  offering  Internet 
service  over  it? 

A  portal  player  such  as  Google,  which  builds 
out  a  backbone  network  that  touches  every  U.S. 
city,  could  become  a  formidable  competitor  if 
given  access  to  inexpensive,  good-quality  RBOC 
IPTV  pipes.  But  even  without  access  to  such 
pipes,  and  even  without  open  access  at  all, 
Google  and  other  portal  players  could  be  poten¬ 
tial  killer  competitors.  Access  bandwidth 
requirements  for  IPTV  depend  primarily  on 
whether  the  material  has  to  be  streamed  in  real 
time.  If  you  add  just  a  bit  of  caching  on  the 
premises,  streaming  video  over  DSL  or  cable 
could  work  if  a  new  backbone  with  low  delay 
and  good  QoS  delivers  it  to  the  access  edge.  If 
you’re  willing  to  store  the  entire  video  for  play, 
almost  any  consumer  broadband  connection 
would  allow  for  video  delivery 

Open  access?  Who  needs  it?  We’ve  got  Google. 

Nolle  is  president  of  CIMI  Corp ,  a  technology 
assessment  firm  in  Voorhees,  NJ.  He  can  be  reached 
at  (856)  753-0004  or  tnolle@cimicorp.com. 
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Future-proof  your  network 

Try  these  10  tips  for  squeezing  a  long  life  from  infrastructure  investments. 

BY  LAURIANNE  MCLAUGHLIN 


core  data  center.  Even  then,  consider  keeping  about  20%  of  the  expansion 
room  open. 

With  management  tools,  the  fewer  pieces  you  have  to  snap  together,  the 
better.  “Ensure  that  you  are  managing  your  WLAN  network  like  you  man¬ 
age  your  LAN.That  means  centralized  help  desk  support,  centralized  man¬ 
agement  tools,  and  a  clear  support  Web  site,”  Daley  says. 

2.  Navigate  the  wireless  standards  waters. 

Are  you  waiting  for  a  set  list  of  wireless  standards  before  doing  any 
more  WLAN  planning?  Bad  news:  You  can’t  wait  that  long.  These  stan¬ 
dards  —  such  as  the  up-and-coming  802.1  In  for  higher  bandwidth, 
802.1  lr  for  fast  roaming,  and  802.1  le  for  QoS  —  will  remain  in  flux  for 
a  while.  “802.1  In  is  coming, but  given  the  standards  fight  going  on, don’t 
plan  to  wait  for  802.1  In.  It  may  be  a  few  years  before  there  is  ratified 
equipment,”  Daley  says. 

However,  knowing  how  vendors  address  fast  roaming  and  QoS  is  impor¬ 
tant.  At  minimum, you  want  to  stay  below  50  millisec  for  roaming  between 
access  points.  For  QoS,  confirm  the  vendor  supports  the  Wireless 
Multimedia  standard,  or  will  shortly  Also,  make  sure  the  vendor  can  articu¬ 
late  how  it  will  make  products  compliant  with  the  future  802.1  lr  and 
802.1  le  standards,  and  any  associated  costs,  Daley  says. 

3.  Make  way  for  10G  and  avoid  bottlenecks. 

In  the  Gigabit  vs.  10G  bit/sec  Ethernet  debate,  how  should  you  play  it 
smart?  “Prices  are  still  pretty  high,”  says  David  Newman,  president  of 
Network  Test,  a  benchmarking  and  network  design  firm,  and  a  member  of 
the  Network  World  Lab  Alliance.  But  playing  it  cheap  might  not  be  prudent 
if  your  current  backbone  can’t  keep  up  later. 

“10G  is  the  automatic  choice  today  in  data  centers.The  place  where  it’s 

See  Future,  page  38 


,tv 


Power  over  Ethernet  will 
simplify  the  work  When  you 
need  to  deploy  more  access 
points  or  VoIP  phones.  Look 
for  support  for  the  802. 3af 
standard, 


A  field-upgradable  policy 
feature  card  delivers  innov¬ 
ative  hardware-based  ser¬ 
vices  such  as  IPv6,  MPLS  or 
generic  route  encapsulation 
VPNs. 


The  right  infrastructure  gear 
can  be  a  key  ally  in  your  quest 
to  avoid  a  forklift  upgrade.  A 
switch  such  as  Cisco’s  Catalyst 
6509,  as  shown 
here  in  data  center 
and  wiring  closet 
configurations, 
protects  invest¬ 
ments  by  keeping 
several  important 
options  open. 


SSL-based  VPNs  scale 
well  and  ensure  great 
security  \  switch  with 
space  for  an  add-in  SSL 
VPN  module  should  prove 
a  cost-effective  choice. 


If  you’ve  ever  done  a  tricky  remodeling  project  at  home,  you 
might  be  familiar  with  the  urge  to  just  level  the  place  and  start 
over.  But  on  your  corporate  network,  no  one  wants  to  have  to 
explain  the  need  for  a  forklift  upgrade  where  large  parts  of  the 
infrastructure  must  be  overhauled.  How  can  you  maximize  the 
longevity  of  your  IT  investments  in  a  world  of  ever-changing  pro¬ 
tocols  and  constantly  evolving  security  dangers?  Beyond  thinking 
carefully  about  scalability  and  capacity,  here’s  a  look  at  some  key 
tasks  for  your  future-proofing  to-do  list.  Keep  these  considerations 
in  mind  as  you  evaluate  and  purchase  new  gear. 


Stick  to  modular  equipment  centralized  management 

To  avoid  rip-out  upgrades  later,  follow  this  advice  whether  you’re  planning 
your  wireless  or  wired  LAN.  On  the  wireless  side,  this  usually  means  buying 
a  centralized  wireless  LAN  (WLAN)  switch  that  will  let  you  upgrade  access 
points  easily  “Stand-alone  fat  [access  points]  exclusive  architectures  are 
out,  but  some  companies  are  deploying  a  mix  of  thin  and  thick,”  for  exam¬ 
ple,  using  thick  access  points  to  support  branch-office  locations,  says  Ellen 
Daley  principal  analyst  at  Forrester 
Research.  On  the  wired  side,  this  means 
selecting  equipment  that  is  as  modular 
as  possible  in  the  wiring  closets  and  the 


10G  Ethernet  is  a  must  for  the 
data  center.  Avoid  future  bot¬ 
tlenecks  by  putting  10G  in  the 
wiring  closet  to  accommodate 
new  PCs  thr  come  with  1G 
Ethernet  adaf  jrs. 


Switch  with  a  future 


Stay  as  modular  as  possible  to  add  capacity 
as  needed.  These  chassis  have  nine  slots. 
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As  companies  move  forward  with  their  VoIP  rollouts  (96%  of  68  IT  execs 
polled  in  a  recent  Nemertes  benchmark  say  they've  either  deployed  VoIP  or 
plan  to  do  so  within  the  next  12  months),  one  issue  they  often  neglect  is 
ensuring  appropriate  power.  Power-over-Ethernet  (based  on  the  802. 3af 
standard)  ensures  that  the  data  and  power  delivery  are  also  "converged." 
This  has  significant  implications  for  reliability. 


Make  sure  your  switches  and  routers  support  the  802. 3af  to  deliver  line 
power  to  phones.  Why?  Utility  grid  power  delivers  only  about  99.9% 
availability,  which  equates  to  48  hours  of  downtime  per  year.  Line-powered 
phones  can  be  backed  by  uninterruptible  power  supply  to  deliver  five-  to  six- 
nines  of  availability. 


Find  this  article  at 

www.networkworld.com/go/datacntr.html 


For  other  great  newsletter  topics,  go  to 
www.networkworld.com/go/nt0718.html 
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Future 

continued  from  page  36 

time  to  start  thinking  about  it  is 
the  wiring  closet  "he  says.  Current 
wiring  closet  switches  have  one 
or  more  uploads  to  the  corporate 
backbone;  today  that’s  1G  bit,  but 
were  starting  to  see  boxes  with 
10G  uplinks.  Remember,  virtually 
every  new  PC  now  has  a  1G  bit 
Ethernet  adapter  included,  New¬ 
man  says.  Put  all  these  PCs  on 
your  network  and  you’re  putting 
a  heavy  burden  on  the  back¬ 
bone.  “With  10G,  you’re  not  going 
to  have  bandwidth  bottlenecks. 
Plan  today  and  avoid  conges¬ 
tion,”  he  says. 

4.  Keep  an  eye  on  new 
Ethernet  specs. 

While  new  Ethernet  specifica¬ 
tions  continue  to  pop  up,  many  of 
them  pertain  to  switching  and 
security  aimed  at  service 
provider  networks.  The  one  that 
could  be  an  intriguing  option  for 
the  enterprise  LAN  is  802.1AB,  or 
Link  Layer  Discovery  Protocol 
(LLDP).  You’ll  see  this  mostly  in 
switches,  routers  and  IP  tele¬ 
phones,  though  you  won’t  see  it 
often,  for  now.  This  discovery  pro¬ 
tocol  helps  a  switch  learn  about 
an  endpoint  device  such  as  a 
VoIP  phone  and  helps  simplify 
configuration. 

Extreme  Networks  recently 
introduced  the  first  edge  switch 
with  LLDP  capability,  and 
Extreme’s  telephony  partner 
Avaya  plans  to  introduce  LLDP- 
compliant  phones  later  this  year. 
LLDP  could  make  VoIP  rollouts 
more  plug  and  play  and  simplify 
policy  management.  LLDP’s  net¬ 
work  troubleshooting  and  man¬ 
agement  possibilities  might 
widen,  but  you’ll  have  to  wait  and 
see  whether  more  vendors  imple¬ 
ment  the  technology  in  edge 
switches. 

5.  Cross  IPv6  off  your  worry 
list  -  mostly. 

Next-generation  IPv6  makes 
important  improvements.  But 
should  you  be  investing  in  it 
today?  “It’s  not  that  important  in 
North  America  yet,  with  two 
exceptions,”  Network  Test’s 
Newman  says. 

The  first  exception:  Asian  com¬ 
panies  with  U.S.  operations  or  U.S. 
companies  with  Asian  opera¬ 
tions.  In  Asia,  branch  offices,  cus¬ 
tomers  and  suppliers  already  are 


building  and  using  IPv6  net¬ 
works.  If  this  describes  your  com¬ 
pany,  don’t  wait  to  create  a 
deployment  plan,  Newman  says. 
In  the  other  exception,  the  U.S. 
Department  of  Defense  has  com¬ 
mitted  to  IPv6,  so  its  would-be 
contractors  need  IPv6  on  their 
radar  screens. 

Otherwise,  you  can  wait. 
“There’s  no  compelling  driver  for 
a  small  or  medium  business  to 
go  to  IPv6  toda>f  Newman  says. 
But  do  look  for  IPv6  support  in 
the  routers  you  buy,  he  advises. 
“The  potential  you’re  going  to 
need  that  v6  support  is  only 
going  to  increase  over  time.” 

6.  Don't  hang  up  on  VoIP. 

If  you  haven’t  deployed  VoIP 
yet,  leave  the  door  open  to  the 
possibility,  says  Abner  Ger- 
manow,  enterprise  networking 
research  manager  at  IDC.  Start 
with  insisting  on  modular  switch¬ 
es,  he  says.  Depending  on  your 
network  topology,  you  also  might 
need  to  consider  routers  that 
can  serve  as  backup  for  the 
voice  traffic  if  the  wide-area  link 
goes  down,  he  says.  Consider  a 
more  expensive  router  with  this 
kind  of  capacity,  or  realize  you’re 
going  to  need  some  other  type  of 
redundancy  plan.  “Be  sure  you’ll 
be  ready  to  solve  this  problem,” 
Germanow  says. 

You’ve  probably  heard  some 
buzz  about  VoWi-Fi,  but  should 


“[Contract  program¬ 
mers]  get  access  to 
the  VPN  for  certain 
time  frames.  I  have 
total  control." 

Randy  Colone 

Technical  services  manager, 
Johnson  Matthey 


you  worry  about  it  yet?  “If  you’re 
only  using  WLAN  in  conference 
rooms  today,  probably  not,” 
Germanow  says.“But  if  your  com¬ 
pany  has  a  mind-set  toward 
mobility  voice  will  be  part  of  that.” 
Hospitals,  for  example,  have  led 
the  charge  with  VoWl-Fi. 

In  this  case,  keep  roaming  and 
future  dual-mode  Wi-Fi/cellular 
handsets  in  mind.  Because  those 
standards  are  not  set,  ensure  that 
vendors  will  commit  to  future 
IEEE  standards. 

7.  Buy  flexibility  with  Power 
over  Ethernet 

For  added  and  future  deploy¬ 
ments  of  VoIP  handsets,  wireless 
access  points  and  security  cam¬ 
eras,  Pbwer  over  Ethernet  (PoE) 
technology  gives  generous  flexi¬ 
bility  with  regard  to  where  the 
devices  can  live.  In  a  few  years, 
you’ll  see  even  more  devices  tak¬ 
ing  advantage  of  PoE.such  as  lap¬ 
top  computers.  Luckily  it’s  not 
hard  to  keep  this  option  open 
because  PoE  doesn’t  mandate 
any  change  to  Ethernet  cabling. 
At  a  basic  level,  all  you  need  is 
Category  5e  wiring. 

If  you  want  to  enable  PoE  later, 
you  won’t  necessarily  have  to 
buy  a  new  switch,  because  you 
can  add  a  midspan  product  that 
connects  PoE  to  legacy  network 
switches.  (Midspans  also  prove 
useful  if  you  have  just  a  small 
number  of  ports  that  will  need 
PoE.)  However,  to  be  more  for¬ 
ward-looking,  make  sure  edge 
switches  have  built-in  PoE  capa¬ 
bility.  The  only  standard  you 
need  to  worry  about  is  the  cur¬ 
rent  IEEE  standard,  802. 3af. 

The  IEEE  is  working  on  a  higher- 
power  successor  to  802.3af,  which 
will  offer  more  than  today’s  12 
watts  of  power  to  individual 
devices.  Expected  to  be  ratified  in 
about  two  years,  this  future  stan¬ 
dard  will  offer  backward  compat¬ 
ibility  with  today’s  access  points 
and  client  phones,  says 
PowerDsine  CEO  Igal  Rotem, 
whose  company  is  helping  shape 
the  standard. 

8.  SSL-based  VPNs  score  for 
mobility,  security. 

Your  company’s  need  for  mobil¬ 
ity  will  only  increase.  In  planning 
VPNs  for  remote  workers,  choose 
an  SSL-based  VPN  instead  of  one 
using  IPSec.  An  SSL-based  VPN 
gives  more  scalability  and  flexibil¬ 
ity  to  add  users  and  applications, 


says  Forrester  Research  analyst 
Robert  Whiteley  Johnson  Matthey 
a  London  specialty  metals  com¬ 
pany  deployed  its  Netilla  SSL  VPN 
appliance  about  three  years  ago 
for  e-mail  and  Microsoft  Office, 
then  easily  moved  up  to  about  60 
applications,  says  Randy  Colone, 
technical  services  manager  at  U.S. 
headquarters  in  Wayne,  N.J.  The 
VPN  provides  tight  security  for 
work  with  contract  programmers. 
“They  get  access  to  the  VPN  for 
certain  time  frames,”  Colone  says. 
“I  have  total  control. ’’The  contrac¬ 
tors  no  longer  have  to  be  on-site 
and  the  VPN  even  provides  access 
to  production-related  data  living 
in  an  old  AS400. 

More  companies  use  SSL-based 
VPNs  to  secure  applications  on 
the  LAN,  making  office  workers 
log  on  via  the  VPN’s  strong 
authentication  technology  just 
like  remote  employees. With  dedi¬ 
cated  appliances  from  vendors 
such  as  Juniper  or  Netilla  (now 
part  of  AEP  Networks),  consider 
the  entire  potential  remote  work¬ 
force,  not  just  the  current  one. 

“Make  sure  you  buy  a  box  with 
headroom,  so  it  is  just  an  issue  of 
buying  licenses,”  Whiteley  says. 
Another  important  option: 
Vendors  such  as  Cisco  have  begun 
offering  cost-effective  SSL  VPN 
modules  that  snap  into  switches 
such  as  the  Catalyst  6500. 

9*  Stay  nimble  on  security. 

Security  proves  a  particularly 
tough  planning  challenge  be¬ 
cause  the  threats  constantly 
change.“Recognize  that  security  is 
different,”  says  cryptography  ex¬ 
pert  and  Counterpane  Internet 
Security  founder  and  CTO  Bruce 
Schneier.“It’s  not  about  features  or 
performance,  so  you  can’t  really 
future-proof  your  network  against 
future  attacks.  Make  sure  you  can 
install  new  security  quickly  and 


“10G  is  the  automatic 
choice  today  in  data 
centers.  The  place 
where  it's  time  to 
start  thinking  about  it 
is  the  wiring  closet" 

David  Newman 

President  of  Network  Test  and 
member  of  the  Network  World 
Lab  Alliance 

efficiently 

With  wireless,  one  option  you 
can  take  now  is  802.  IX  authenti¬ 
cation.  “You’re  taking  an  inherent¬ 
ly  insecure  technology  like  WLAN 
and  adding  very  strong  authenti¬ 
cation  technology  Network  Test’s 
Newman  says.  “Plus  802.  IX  also 
carries  into  the  wired  world.”  By 
extending  802.  IX  authentication 
to  your  LAN  switches,  you  add  a 
good  layer  of  protection,  he  says. 

At  minimum  you’ll  need  an 
authentication  server  such  as  a 
RADIUS  server.  Look  for  strong  en¬ 
cryption  on  every  link  of  the  net¬ 
work.  Remember  single-sourcing 
from  a  software  vendor  increases 
your  risk.“It  doesn’t  make  sense  to 
be  an  all-Linux  shop,  an  all-Win¬ 
dows  shop,”  he  says. 

10  ■  Consider  the  big  picture 
more  often. 

To  truly  future-proof  your  net¬ 
work,  it’s  not  enough  to  stay  on 
top  of  port  counts  and  protocols. 
Future-minded  network  planning 
also  means  understanding  where 
your  company’s  business  is  head¬ 
ing  and  what  that  in  turn  means  to 
the  network. 

Multi-casting  protocols,  for 
example,  aren’t  a  concern  for 
many  businesses  outside  of  finan¬ 
cial  services  yet,  Newman  says. 
But  you  need  to  consider  whether 
your  company’s  goals  might  take 
you  there  later.  In  a  similar  vein,  it’s 
worth  the  time  to  keep  closely 
tuned  to  your  network  vendors’ 
future  product  and  business 
strategies. You  certainly  want  ven¬ 
dors  that  are  committed  to 
upgrading  hardware/firmware/ 
software  and  whose  product  lines 
won’t  need  full  replacements. 

McLaughlin  is  a  freelance  writer 
in  the  Boston  area.  She  can  be 
reached  at  laurianne@mind 
spring.com. 
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How  to  prevent  pharming 

Protect  your  company's  online  reputation  by  locking  down 
DNS  and  guarding  against  domain  hijacking. 


BY  DEBORAH  RADCLIFF 

You’re  familiar  with  the  dangers  of  phishing,  but  what 
about  pharming  threats?  Pharming  misdirects  Web  users 
of  trusted  brands  to  phony  storefronts  set  up  to  harvest 
IDs. The  crime  is  typically  accomplished  through  cache 
poisoning  of  DNS  servers  or  domain  hijacking,  in  which 
registrars  are  tricked  into  moving  domains. 

In  recent  months,  hackers  have  proven  there’s  reason  for  concern  about  both  types  of 
attacks.  In  March,  SANS  Institute  uncovered  a  single  cache-poisoning  attack  that  redirect¬ 
ed  1 ,300  brands,  including  ABC,  American  Express,  Citi  and  Verizon  Wireless.  In  January 
Panix  had  its  domain  hijacked  by  an  Australian  hacker;  and  in  April,  Hushmail’s  main 
name  server’s  IP  address  was  changed  to  that  of  a  hacker  graffiti  site. 

Statistics  tracking  pharming  occurrences  aren’t  yet  available.  However,  the  Anti-Phishing 
Working  Group  (APWG)  has  deemed  the  potential  problem  serious  enough  that  it  has 
lumped  pharming  into  the  types  of  Internet  scams  and  fraud  the  group  aims  to  prevent. 

The  problems  of  cache  poisoning  and  domain  hijacking  have  been  around  a  long  time, 
and  they’re  technologically  and  organizationally  complex  to  solve,  experts  say  But  there 
are  some  steps  you  can  take  to  protect  your  DNS  servers  and  your  domains  from  being 
manipulated  by  pharmers,  who  will  soon  be  using  hacker  techniques  to  trick  large  num¬ 
bers  of  redirected  users  into  giving  up  personal  information. 

Unstick  BIND 

The  DNS  security  problem  points  back  to  Berkeley  Internet  Domain  (BIND),  which  is 
riddled  with  security  problems  that  have  been  widely  reported  for  the  past  five  years.  If 
you’re  running  a  BIND-based  DNS  server,  follow  best  practices  for  DNS  management, says 
Ken  Silva, VeriSign’s  chief  security  officer. 

“Keeping  DNS  servers  patched  and  up  to  date  is  a  first  step,  and  there  are  a  number  of 
best  practices  guides  about  configuring  these  servers  better.  But  DNS  in  its  current  state 
has  fundamental  problems,” says  Johannes  Ullrich,  chief  research  officer  at  SANS. 

Upgrading  to  BIND  9.2.5  or  implementing  DNSSec  would  make  the  cache  poisoning 
risk  disappear,  says  Paul  Mockapetris,  chief  scientist  at  Nonimum  and  an  original  author 
of  the  DNS  protocol.  But  such  migrations  are  tedious  and  difficult  without  interfaces  pro¬ 
vided  in  DNS  management  appliances  from  vendors  such  as  BlueCat  Networks,  Cisco,  F5 
Networks,  Lucent  and  Nortel.  And  some  companies  such  as  Hushmail  have  opted  to 
replace  BIND  with  the  open  source  TinyDNS.  Alternate  DNS  software  options  include 
those  from  Microsoft,  PowerDNS  and  JH  Software,  among  others. 

No  matter  what  DNS  you’re  running,  follow  the  best  practices  that  Michael  Hyatt,  presi¬ 
dent  of  BlueCat  Networks,  outlines  below: 

•  Run  separate  name  servers  for  redundancy  on  different  network  segments. 

•  Separate  external  and  internal  name  servers  (physically  separate  machines  or  run 
BIND  Views)  and  use  forwarders.  External  authoritative  name  servers  should  accept 
queries  from  almost  any  address,  but  forwarders  don’t.  They  should  be  configured  to 
accept  queries  from  internal  addresses  only  Disable  recursion  (the 
process  of  locating  DNS  records  from  the  root  server  downward)  on 
external  authoritative  name  servers.  This  allows  you  to  limit  which 
DNS  servers  have  contact  with  the  Internet. 

•  Restrict  dynamic  DNS  updates  when  possible. 

•  Restrict  zone  transfers  to  authorized  devices  only. 

•  Use  transaction  signatures  to  digitally  sign  zone  transfers  and  zone 
updates. 

•  Hide  the  version  of  BIND  being  run  on  the  servers. 


•  Remove  any  unnecessary  services  running  on  the  DNS  servers,  such  as  FTP  telnet 
and  HTTP 

•  Use  firewall  services  both  at  the  network  perimeter  and  on  the  DNS  servers.  Limit 
access  to  only  those  ports/services  that  are  required  for  DNS  functionality. 

Hold  registrars  accountable 

Brian  Smith,  CTO  for  Hushmail,  still 
seethes  about  how  easy  it  was  for  hackers  to 
trick  the  front-line  customer  service  repre¬ 
sentatives  at  his  domain  registrar,  Network 
Solutions,  into  changing  the  IP  address  for 
Hushmail’s  main  name  server,  which  he  dis¬ 
covered  on  a  Monday  morning. 

“This  looked  really  bad  for  us,” Smith  says. 

“I  would  like  to  see  better  security  policies 
among  registrars  that  are  documented  and 
publicly  available.  But  I  can’t  tell  you  a  sin¬ 
gle  registrar  that  does  this,  and  I’ve  been 
looking  ever  since  this  happened.” 

His  sentiments  echo  those  of  Alex  Resin, 
president  of  Panix.com,  who  feels  just  as 
strongly  about  failures  on  the  part  of  regis¬ 
trars  that  led  to  the  hijacking  of  the  Panix 
domain  in  January  First  his  registrar  sold 
his  domain  registration  to  a  reseller  without 
notification.Then.the  reseller  proceeded  to 
transfer  the  domain  to  a  social  engineer  — 
also  without  notifying  Resin. 

“The  domain  system  needs  systemic,  fun¬ 
damental  changes,”  Resin  says.“There  are  a 
lot  of  proposals,  but  things  aren’t  happen¬ 
ing  fast  enough.” 

It’ll  be  a  long  wait  for  marketplace 
demand  and  ICANN  leadership  to  force  secure  transfer  policy  among  registrars. So  Resin, 
Smith  and  Tim  Cole,  chief  registrar  liaison  at  ICANN,  suggest  the  following  to  minimize 
your  risk: 

•  Ask  your  registrar  for  written,  enforceable  policy  statements.  Put  it  in  writing  that  they 
contact  you  if  a  domain  move  is  requested. 

•  Lock  the  domain  name,  which  requires  registrars  to  hold  transfers  until  passwords  or 
other  identifying  information  is  provided  to  unlock  it. 

•  Keep  your  authoritative  contact  information  up  to  date  at  your  registrar.  Assume  an 
ignored  notification  of  change  will  be  processed. 

•  Use  registrars  with  24/7  service  so  they  can  act  quickly  in  case  of  a  breach. 

•  If  there  is  an  unauthorized  move,  contact  the  registrars  involved  immediately 

•  If  you  don’t  get  resolution,  go  to  your  domain  registry  (VeriSign  for  .com  and  .net). 

•  If  you  still  have  problems  retrieving  your  domain,  contact 
ICANN  resolution  (transfers@ICANN.org). 

•  If  you’re  a  large  domain,  become  your  own  registrar  like 
Google  has. 

Or  become  your  own  reseller  using  TuCows.com’s  open  API, 
OpenSRS.to  control  all  of  your  domains. 

Radcliff  is  a  freelancer  writer  in  California  and  can  be  reached  at 
deb@radcliff.  com. 
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Find  a  10-step  white  paper  from  domain 
registrar  VeriSign.  DocFinder:  8021 


ICANN  domain 
transfer  policy 

Enacted  in  November,  ICANN’s  poli¬ 
cy  is  intended  to  protect  domain 
holders.  However,  one  drawback 
is  that  it  leaves  the  meaning  of 
“verifies”  open  to  interpretation. 

•  Gaining  Registrar  "verifies"  that  they 
are  dealing  with  the  current 
Registrant. 

•  Gaining  Registrar  submits  Transfer 
request  at  the  Registry. 

•  Losing  Registrar  can  (but  doesn't 
always)  e-mail  the  Registrant  with  a 
“Do  you  really  want  to  leave?"  e-mail. 

•  Losing  Registrar  cannot  deny  a 
transfer  out  on  an  Active  (unlocked) 
domain  *if*  the  Registrant  ignores 
the  “Do  you  really  want  to  leave?" 
e-mail. 

SOURCE:  RICHARD  LAU,  DOMAIN  NAME  CONSULTANT 
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Pros:  Very  good  Linux  Samba  management  via 
MMC;  easy  use/control  of  important  Linux 
components. 


Cons:  Documentation  needs  much  work;  Apache 
module  not  yet  available. 


Results  3.55 


Price:  $1,500  for  10  servers 
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InterStructures  1.0.4 

QCD  Microsystems 


QCD’s  InterStructures 
plug-ins  mind  the  OS  gap 


BY  TOM  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 

It  might  be  heresy  to  try  to  manage  a  Linux  server  from  a  Microsoft  platform. 
But  that  is  what  QCD  Microsystems  has  attempted  with  its  InterStructures 
Microsoft  Management  Console  (MMC)-based  series  of  applets.  With  these 
plug-ins,  Linux  services  such  as  DHCF?  DNS,  SAMBA  and  Squid  Web  proxy 
(and  soon  Apache  2.0), are  managed  from  the  familiar  look  and  feel  offered 
by  the  MMC.  Our  tests  showed  that  the  InterStructures  modules  are  simple  to 
install,  and  provide  a  single,  convenient,  drag-and-drop  interface  to  manage 
a  combined  Windows/Linux  infrastructure. 


The  MMC  approach  makes  sense  both  in  centralized  and 
distributed  infrastucture  where  Microsoft’s  Active  Directory 
components  live,  as  Active  Directory  requires  Dynamic 
Domain  Name  Service  to  be  cohesive  with  other  DNS 
deployments.  When  branch  offices,  private  networks  or 
server  farms  comprise  a  heterogeneous  deployment.it  can 
be  difficult  to  synchronize  DNS. 

The  same  is  true  when  SAMBA,  the  Linux  to  Active 
Directory  proxy  is  used  as  a  file  sharing  method  between 
Windows  and  Linux  hosts.  Linux  distribution  makers  and 
others  have  made  applications  to  control  SAMBA  in  great 
detail,  but  these  don’t  control  nor  do  they  address  admin¬ 
istration  and  configuration  of  Active  Directory  and  its  allied 
services,  such  as  DNS,  DHCP  and  Internet  Information 
Server. The  InterStructures  modules  flip  the  control  back  to 
Microsoft  platforms,  and  a  user  interface  known  to  almost 
every  Microsoft  systems  administrator. 


We  installed  InterStructures  snap-in  applications 
on  a  single-processor  HP  DL140  server  with  1G 
byte  of  dynamic  RAM  running  Windows  Server 
2003  Enterprise  Edition  and  a  single  processor  Toshiba 
Satellite  workstation  with  1G  byte  of  dynamic  RAM 
running  Windows  XP.  We  installed  the  Linux  modules  on 
Red  Hat  Advanced  Server  4.0,  SuSE  Linux  Enterprise 
Server  9  and  Fedora  Core.  All  of  the  Linux  distributions 
ran  on  HP  DL140  servers. 

We  used  an  Active  Directory  installation  with  300 
users  divided  into  three  main  directory  trees.  We  cre¬ 
ated  the  relationship  between  the  Samba  modules  run¬ 
ning  in  each  Linux  server  to  gauge  how  rapidly  syn¬ 
chronization  could  take  place.  We  tested  mass  dele- 


The  InterStructures  modules  (all  of  which  are  down¬ 
loaded  from  the  vendor’s  site)  fall  into  two  categories: 
Windows-hosted  MMC  snap-ins  installed  on  Windows 
workstation  or  server  used  as  the  MMC  console;  and  mod¬ 
ules  that  connect  with  a  single  host  daemon  running  on 
target  Linux  hosts.  We  tried  three  hosts  —  SuSE  Linux 
Enterprise  Server  9  (SLES9),  Red  Hat  Advanced  Server  4 
(RHAS4)  and  Fedora  Core  (see  How  we  did  it)  —  certified 
by  InterStructures  for  use  with  its  product. 

Installation  onto  a  Linux  server  requires  momentary  root 
access,  and  processes  run  as  root  or  at  the  level  of  the  dae¬ 
mons  they  cover  (such  as  DNS  and  Squid). The  installation 
instructions  are  incorrect  but  the  process  is  understand¬ 
able.  We  had  no  difficulties  installing  the  software  under 
RHAS4  and  Fedora  Core,  but  were  required  to  install  Perl  on 
SLES9.  Once  the  configuration  modules  and  core  daemon 
are  installed  in  target  servers,  the  daemon  restarts  automat- 


tions,  movements  and  group  changes,  then  watched 
replication  and  audited  the  results. 

We  tested  DNS  by  configuring  forward  referencing 
records,  as  well  as  MX  and  Dynamic  Domain  Name 
System  records. 

We  created  multiple  DHCP  zones,  and  tested  DHCP 
services  synchronized  between  Windows  DHCP  and 
Linux  DHCP  zones  successfully.  We  removed  and 
added  zones  and  were  able  to  ascertain  that  the 
changes  happened  almost  immediately  to  Linux  when 
they  were  made.  We  also  tested  Squid  with  Apache 
2.0.3  running  inside  of  each  Linux  server.  We  cached 
only  HTTP  for  the  testing  purposes  and  checked 
module  functionality  options. 


The  Breakdown 


Configuration/management  35% 

4  Scoring  Key: 

Administrative  tools  35% 

^  5:  Exceptional: 

Documentation  20% 

*  3:  Average; 

Installation  10% 

3.5  2:  Below  average; 

Total  score 

3  55  1:  Consistently  subpar 

ically  Windows-side  installation  takes  a  few  moments. 

The  communications  process  uses  an  underlying  combi¬ 
nation  of  SSL  (128-bit),  Simple  Object  Access  Protocol  and 
Java  2  Platform  Enterprise  Edition  —  all  of  which  are  hid¬ 
den  transports  between  the  MMC  and  the  target  applica¬ 
tions/services.  Administrators  don’t  see  the  underlying 
communications  components.  Changes  to  Active  Directory 
are  made  to  SAMBA  authenticating  hosts  during  normal 
synchronizing  periods.  It  took  about  10  minutes  for  our 
Linux  servers  to  join  and  synchronize  with  our  300-user 
Active  Directory  data. 

We  brought  several  Linux  servers  immediately  into  the 
control  of  the  MMC.  After  initial  synchronization,  we  were 
able  to  create  groups  and  users  within  the  newly  distributed 
Active  Directory/SAMBA  directory  delete  them,  and  watch 
them  subsequently  appear  and  disappear  as  required.  Major 
changes,  such  as  making  large  groups  or  massively  deleting 
users,  sometimes  took  a  bit  longer  than  we  expected,  espe¬ 
cially  when  a  mixture  of  changes  was  applied. 

Because  Linux  has  fewer  usable  group  names  and  char¬ 
acters  from  which  to  derive  names,  it’s  important  to  know 
what  characters  are  legal  to  use  in  both  environments.  DNS 
and  DHCP  configuration  was  just  as  easy  as  the 
SAMBA/Active  Directory  process,  but  these  settings  are 
infrequently  changed. 

We  also  were  able  to  change  the  Squid  settings  on  each 
server  as  though  we  were  making  manual  changes  on  the 
command-line  through  a  Secure  Shell  connection  on  each 
Linux  server.  We  could  allocate  space,  proxy  ports,  service 
proxy  information,  DNS  cache  and  other  settings  specific  to 
Squid,  which  is  a  Linux  app  often  used  for  Web  services 
proxy  cache  management. 

The  brand-new  nature  of  the  InterStructures  modules 
means  that  they  suffer  some  dot-zero  ills  such  as  incom¬ 
plete,  messy  documentation.  Error  messages  aren’t  very 
useful  or  articulate. 

InterStructures  seeks  to  apply  an  analgesic  to  the  pains  of 
managing  a  mixed  environment  by  allowing  Windows 
administrators  the  pleasure  of  using  a  familiar  method  to 
administrate  sought-after  functionality  or  merely  control 
Linux  servers  and  clients. 

Henderson  is  principal  researcher  for  ExtremeLabs  in 
Indianapolis.  He  can  be  reached  at  thenderson@extreme 
labs.com. 
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HP  PROLIANT  BL20p  G3  BLADE  SERVER 


with  ProLiant  Essentials  Management  Software 

•  Up  to  2  Intel®  Xeon™  Processors  (3.60GHZ/2MB)1 

■  High  density:  Up  to  48  serveis  per  rack 

■  Rexible/Open:  Integrates  with  existing  infrastructure 

•  HP  Systems  Insight  Manager™:  Web-based  networked 
managment  through  a  single  console 

•  Rapid  Deployment  Pack:  For  ease  of  deployment  and 
ongoing  provisioning  and  reprovisioning 


HP  STORAGEWORKS  MSA1500cs 


Get  2TB  of  Storage  Free($2,800  Value)1 

•  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 
■  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 

•  Ability  to  mix  SCSI  and  Serial  ATA  enclosures 
for  greater  flexibility 

•  2GB/ 1GB  Fibre  connections  to  host 


The  HP  ProLiant  BL20p  G3  blade  server  with  the  Intel®  Xeon™  Processor  simplifies  server  management. 
Simple  to  set  up,  simple  to  monitor,  simple  to  manage.  If  all  starts  with  the  Rapid  Deployment 
Pack,  giving  you  an  automated  setup  process  to  configure  and  deploy  servers  at  a  high  volume 
and  a  rapid  pace.  Then  HP  Systems  Insight  Manager™  carefully  monitors  your  infrastructure, 
alerting  you  to  potential  problems  before  they  occur.  And,  whenever  you're  away  from  the  office, 
the  remote  management  features  let  you  manage  your  server  no  matter  where  you  are.  Plus,  you 
can  bundle  it  with  the  HP  StorageWorks  MSA1500  to  make  storing  your  data  simple,  scalable 
and  affordable.  So  with  HP,  you  get  more  expertise  before  you  buy,  more  technology  when  you 
do  and  more  support  after. 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SUPPORT 


Download  a  free  I  DC  white  paper; 

Reducing  Total  Cost  of  Ownership 
Through  the  Use  of  Blade  Systems. 

Save  $750  instantly 

on  a  blade  enclosure  solution?-4 
See  Web  site  for  details. 


Call  1-866-356-6088 
Click  Hp.com/go/bladesmag8 
Visit  your  local  reseller 


1 .  Intel's  numbering  is  not  a  measurement  of  higher  performance.  2.  Receive  up  to  2TB  of  storage  free  with  purchase  of  HP  StorageWorks  Modular  Smart  Array  1500  cs  devices.  3.  Save  $750  instantly  on  the  purchase  of  any  HP  BladeSystem  pCIass  enclosure.  Offer  valid  through  7/31/05. 4.  Save  $750  instantly  on  the  purchase  of  a  BladeSystem 
pCIass  1U  power  enclosure  solution.  Offer  valid  through  10/31/05.  All  offers  available  from  HP  Direct  and  participating  resellers.  Prices  shown  are  HP  Direct  prices,  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's  destination.  Reseller  prices  may  vary.  See  Web  site  for  full  details.  Photography 
may  not  accurately  represent  exact  configurations  priced.  Associated  values  represent  HP  published  list  price.  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2005  Hewlett-Packard  Development  Company,  L.P. 
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MENT  STRATEGIES 


CAREER  DEVELOPMENT 


PROJECT  MANAGEMENT 


BUSINESS  JUSTIFICATION 


IT  intellect 

The  ’Net  and  niche  firms  give  IT  pros  ample  options  for  market  research. 


BY  JENNIFER  MEARS 


hen  it  comes  to  buying  IT  research,  John  Halamka,CIO  of 
Harvard  Medical  School  and  CareGroup  Healthcare  System  in 
Boston,  is  cutting  the  fat. 


After  years  of  paying  multi-thousand-dollar  subscription 
licenses  to  big  research  firms  such  as  Gartner,  Halamka  is 
looking  for  technology-focused  “boutique”  consultants 
who  can  help  with  specific  projects  and  be  paid  on  a 
case-by-case  basis. 

“We  had  been  buying  into  research  firms  because  they 
were  very  helpful  from  a  strategic  standpoint  and  the 
world  wasn’t  so  complicated  then,”  Halamka  says.  "But 
over  the  last  year  and  a  half  I  have  absolutely  canceled 
every  one  of  my  enterprise  generic  kinds  of  agreements 
and  replaced  them  with  niche  consulting  agreements.” 

Across  the  board,  IT  executives  are  finding  a  growing 
number  of  options  when  it  comes  to  getting  technology 
information  and  advice.  As  the  IT  research  market  consoli¬ 
dates  and  matures  into  just  a  few  big  players  —  think 
Gartner,  Forrester  and  IDC  —  the  number  of  smaller,  niche 
consultancies  is  on  the  rise.  At  the  same  time,  there  is 
more  information  on  the  Internet  and  a  bigger  emphasis 
on  peer-to-peer  networking  and  events  to  offer  real-world 
experience  and  advice. 

It’s  all  good  news  for  IT  managers  who  are  being  asked 
to  do  more  with  less. 

“There  are  just  a  lot  more  options  today  so  you  should 
spend  the  time  to  package  something  that  works  for  you,” 
says  Louise  Garnett,  vice  president  and  lead  analyst  at 
Outsell,  an  advisory  firm  that  tracks  the  IT  information  and 
content  market. 

That  means  expanding  beyond  the  traditional  con¬ 
straints  of  subscription  pricing  with  giant  consultancies 
and  looking  at  new  methods  of  getting  IT  information, 
including  on-demand  and  a  la  carte  services,  free  white 
papers  and  Webcasts  online,  and  membership  in  a  variety 
of  peer-based  network  groups. 

An  IT  team  leader  at  a  large  manufacturing  firm  who 
asked  not  to  be  named  says  her  company  still  contracts 
with  Gartner,  but  she  supplements  that  with  information 
and  advice  from  her  peers. “We  research  other  companies’ 
white  papers  to  pull  together  as  many  other  company 
experiences  with  possible  new  directions,”  she  says. 
“Personally,  I  consider  white  papers  to  be  less  biased  than 
other  sources.” 

That  is,  unless  the  white  papers  are  vendor-backed. 
Increasingly  research  firms,  which  had  been  struggling 
during  the  economic  downturn, have  been  taking  paid 
work  from  vendors  to  write  white  papers  focusing  on  that 
vendor’s  product  or  technology. 


“You’re  definitely  seeing  more  vendor-based  stuff,  more 
competitive  analysis,”  says  Norma  LaRosa.CEO  of 
Kensington  Group,  a  research  firm  that  focuses  strictly  on 
the  IT  research  industry“But  it’s  incumbent  on  the 
research  firm  to  present  balanced  views.They  have  to 
show  their  objectivity  at  all  times.” 

At  the  same  time,  users  have  to  be  especially  discrimi¬ 
nating  about  who  sponsors  the  research. The  number  of 
Web  sites  such  as  KnowledgeStorm,  which  aggregates 
white  papers  and  other  IT  information  for  the  purpose  of 
generating  leads  for  vendors,  are  on  the  rise. 

When  Halamka  gets  vendor-sponsored  white  papers,  he 
says, “I  just  chuck  them.” 

Not  that  he  doesn’t  put  any  credence  in  vendor-driven 
analysis.'Tn  some  circumstances,  I  wouldn’t  go  to  a 
Forrester  or  a  Gartner,  but  I  would  go  to  Cisco  Advanced 
Services  for  very  specialized  consulting  because  I  trust 
them,”  he  says. 

Trust  is  a  big  issue  when  looking  for  research  and  advice 
that  could  anchor  a  buying  decision  in  the  thousands  —  or 
millions  —  of  dollars.That  is  one  reason  why  smaller,  bou¬ 
tique  firms  might  be  seeing  more  business.  Such  compa¬ 
nies  often  make  it  easier  for  IT  to  build  relationships  with 
trusted  advisors.  And  in  most  cases  pricing  is  more  flexible. 

ThinkStrategies,  for  example,  is  one  of  many  smaller 
firms,  including  The  Advisory  Council  and  Cutter 
Consortium,  that  give  enterprise  users  access  to  experts 
on  an  on-demand  basis.  Aberdeen  now  offers  per-seat 
pricing,  providing  access  to  its  analysts  and  research  for 
$399  per  person,  per  year  under  its  AberdeenAccess  pro¬ 
gram.  Annual  subscription  licensing  with  research  firms 


typically  starts  at  around  $15,000  and  can  go  as  high  as 
$50,000. 

“I’m  not  advising  clients  to  stop  doing  subscriptions,” 
Kensington  Group’s  LaRosa  says.“It  makes  sense  in  a  lot  of 
areas.  For  example,  in  an  industry  that  changes  a  lot  like 
wireless  or  handhelds,  where  things  move  so  fast  you 
need  ongoing  data  and  analysis,  you  might  want  to  do  a 
subscription,  whereas  if  you  are  just  trying  to  get  informa¬ 
tion  for  a  one-off  purchase,  you  might  just  want  to  buy  a 
single  report.  Most  larger  companies  are  buying  subscrip¬ 
tions  and  probably  will  continue  to  do  so.” 

One  area  where  the  larger  research  firms  have  been 
seeing  growth  has  been  in  events  and  peer-to-peer  net¬ 
working.  Gartner,  for  example,  has  its  Executive 
Programs,  a  membership-based  group  of  more  than 
2,000  CIOs  worldwide,  and  its  Best  Practices  offering, 
which  brings  together  peers  for  technology-focused  sup¬ 
port  and  advice. 

“Groups  of  members  being  brought  together  has  really 
been  a  growth  spot  for  the  entire  research  industry  and 
specifically  for  Forrester  and  Gartner^  Outsell’s  Garnett 
says.“The  other  growth  area  is  events.  Again,  it’s  bringing 
people  together” 

From  Halamka’s  perspective,  though,  even  network  ser¬ 
vices  offered  by  the  bigger  firms  are  too  generic.“I  need 
very  [technology]  focused  networking,”  he  says. 

In  order  to  get  targeted  research,  Halamka  says  he  could 
be  using  as  many  as  10  smaller  research  services  at  a 
time,  such  as  DNS  specialist  Men  &  Mice  and  The  Protocol 
Analysis  Institute.  At  the  same  time,  he  has  an  in-house 
research  staff  that  helps  sort  through  information  and  do 
in-house  prototyping  and  proof-of-concept  work. 

“So  with  the  in-house  research  staff  plus  the  devoted 
smaller  firms,  my  budget  on  the  whole  has  gone  up,”  he 
says,  estimating  that  he  spent  about  $200,000  annually  for 
large  research  firm  subscriptions  but  now  spends  about 
$250,000  with  smaller,  niche  consultancies.“But  I  will  tell 
you  that  I  believe  I  am  getting  much  more  value  for  that 
dollar  because  it’s  so  project  specific.”* 


An  incredible  shrinking  market 

As  IT  research  firms  consolidate,  Gartner  still  owns  nearly  half  of  the  market.  A  look  at  the  top  five  players. 


Rank 

Company 

Company  type 

2004  estimated  growth 

2004  estimated  market  share 

1 

Gartner 

Public 

4.1% 

40.1% 

2 

IDC  (acquired  Meridian  Research  in  2002) 

Private 

11% 

10.5% 

3 

Forrester  Research  (acquired  Giga  in  2003) 

Public 

9.9% 

6.2% 

4 

Meta  Group 

Acquired  by  Gartner 
April  2005 

15.5% 

6.4% 

5 

SOURCE 

Millward  Brown  Intelliquest 

:  OUTSELL’S  VENDOR  MARKET  DATABASE,  Jl 

Public 

)NE  2005 

7.1% 

2% 
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Each  component  of  the  AlterPath  System  is  designed  to  seamlessly  integrate 
into  the  enterprise,  able  to  scale  in  any  direction.  Whether  you  need  serial 
console  management  of  networking  equipment,  KVM  for  access  to  Windows® 
servers,  branch  management,  IPMI  or  HP  iLO  for  service  processor 
management,  or  advanced  power  management,  the  AlterPath  System  delivers. 
Cyclades  brings  it  all  together,  making  OOBI  administration  seem  like  child's  play. 


Over  85%  of  Fortune  100 
choose  Cyclades. 
www.cyclades.com/nw 

1 .888. cyclades  ■  sales@cyclades.com 
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The  Next-Generation  IT  Infrastructure 


Cyclades  AlterPath™  System  is  the  industry’s  most  comprehensive  Out-of-Band 
Infrastructure  (OOB!)  system.  The  AlterPath  System  allows  remote  data  center 
administration,  eliminating  the  need  for  most  time-consuming,  remedial  site 
visits.  When  fully  deployed  in  your  data  center,  Cyclades  AlterPath  System  lowers 
the  risks  associated  with  outages,  improves  productivity  and  operational 
efficiency,  and  cuts  costs. 
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Remote 


KVM  OVER  IP 
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MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 

■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 


UltraMatrix™  ■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 

E-series  2  -  4  KVM  STATIONS  TO  1 ,000s  OF  COMPUTERS 

KVM  SWITCH  •  PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

•  On-screen  menu  informs  you  of  connection  status  between  units 
in  an  expanded  system 

•  Powerful,  expandable,  low  cost 

•  No  need  to  power  down  most  servers  to  install 

•  Security  features  prevent  unauthorized  access 

•  Free  lifetime  upgrade  of  firmware 

•  Video  resolution  up  to  1600  x  1280 

•  Available  in  several  models 

•  Easy  to  expand 

The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 

4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contain  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


XtendVue  RackView 

Vertical  Rack  mountable  LCD  Fold-Forward 
With  Buit-in  KVM  Extender 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 

Keyboard 


ROSE  US  281  933  7673 

ROSE  EUROPE  +44  (0)  1264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1 540 


800-333-9343 

WWW.ROSE.COM 
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How  Do  You  Distribute 


Power  in  Your  Data 
Center  Cabinet? 


.  .  ;  ‘  ‘Server  Technology,  Inc.  Sentry  is  a  trademark 


Server  1  ch  ology 

Solutions  for  the  Data  Ce-ntei  1 

The  Sentry  CDU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  111  servers 
in  one  enclosure.  Single  or  3-phase  input 
with  110VAC,208VAC  or  mixed  110/2(  !VAC 
single-phase  outlet  receptacles. 

Metered  CDU 

>  Local  input  Current  Monitoring 

Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Moni  iring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
—  On  /  O  Reboot 

Server  Technology,  Inc.  toil  free  + 1 .800.835. 1 5 1 5 
1040  Sandhill  Drive  tel  +1  775.284.2000 

Reno,  NV  89521  fax  +1.775.284.2065 

wwwserveftech,corn 

sales%seryertech.com 
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Is  security  ripe 
for  outsourcing? 


Colleges  cram  for  test  sssar"  gssgarg  asaa*"*1* 
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Keeping  track  of  NASCAR 
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Reading  someone  else’s  cow  of 

NetworkWorld' 

Apply  for  your  own 

FREE 

subscription  today. 

my.nww.com/b04 

FREE  subscription 

(51  Issues) 


Apply  online  at:  my.l1WW.COm/b04 


Apply  for  your  FREE 

Network  World  subscription  today! 


A  $129  value 

I  YOURS  FREE 
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How  much  can  your  network  analyzer  handle? 

Observer  is  the  only  fully  distributed  network  analyzer  built 
to  cover  your  entire  network  (LAN,  802.1 1  a/b/g,  Gigabit,  WAN). 
Download  your  free  Observer  1 0  evaluation  today  and  experience 
more  real-time  statistics,  more  expert  events  and  more  in-depth 
analysis  letting  you  monitor,  troubleshoot  and  manage  every  site 
on  your  network  with  one  complete  solution.  Choose  Observer. 

-SECURI  tv  conTROL- Watch  for  virus  and  hack  attacks  to 
quickly  isolate  infected  areas. 

-RLERT  -  Setup  Triggers  and  Alarms  on  any  network  threshold 
and  be  the  first  to  know  of  network  issues. 

-nETwoRK  OMERIORB-  Monitor  bandwidth  utilization,  access 
point  utilization  rates  and  network  top  talkers  with  Real-Time  Statistics 

US  &  Canada  toll  free  800.526.5958 

fax  952.932.9545 

UK  &  Europe  +44(0)1959569880 

www.networkinstruments.com/analyze 
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The  Smart  Choice  for  Text  Retrieval®  since  1991 


♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF  while  displaying  embedded 
links,  formatting  and  I fi'ils ! j f 

♦  converts  other  file  types  (word  processor,  database,  spreadsheet, 
email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 
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iews  of  dtSearch 

♦“The  most  powerful  document  search  tool  on  the  market”  —  Wired  Magazine 

♦“dtSearch ...  leads  the  market”  —  Network  Computing 

♦“Blindingly  fast”  —  Computer  Forensics:  Incident  Response  Essentials 

♦“A  powerful  arsenal  of  search  tools”  —  The  New  York  Times 

♦“Super  fast,  super-reliable”  —  The  Wall  Street  Journal 

♦“Covers  all  data  sources ...  powerful  Web-based  engines”  —  eWEEK 

♦“Searches  at  blazing  speeds”  —  Computer  Reseller  News  Test  Center 


See  www.dtsearch.com  for  hundreds  more  reviews  &  case  studies 
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,  TAP  into  Performance 

/ZetWOrKTAPs  Monjtor  mission-critical  links  with  the 

latest  technology  through  new  nTAPs 


Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 


Ethernet  Copper  nTAP 

For  copper-to-copper  connections 
Choose  your  speed: 

10/100 . $395 

10/100/1000  . $995 


10/100/1000  Conversion  nTAP 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 

SX . $1,995 

LX . $1,995 


Optical  Fiber  nTAP 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

. $395 

Four  channel . 

$1,795 

Six  channel . 

$2,395 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET-nTAP  today. 

Free  overnight  delivery* 


Rg  C€ 


*Free  overnight  delivery  on  all  U.S.  orders  over  $300.00  confirmed  before  12  pm  CST. 

nTAP  and  the  nTAP  logo  are  trademarks  or  registered  trademarks  of  Network  Instruments,  ILC. 
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CDI  offers: 


p-*  Hardware  encryption  over  dial-up 
and  network  connections 
p-*  RSA  certified  SecurlD  authentication 
without  a  network. 
p-«  Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  140-2  certifications  *-n 
Remote  Power  control  •-n 


Homologous  world-wide  approved  *-n 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military 


Communication  Devices  Inc. 
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Looking  ahead  to  your  next  network  project? 
Need  information  now? 

Check  out  VENDOR  SOLUTIONS  for  the  most  comprehensive  information 
on  network  IT  products  and  solutions  for  your  business  including: 

>  White  Papers 

>-  Special  Reports  Visit  www.networkworld.com/vendorsolutions  today. 

>  Partner  Sites 

>  Webcasts 

>*  Marketplace  Product  Finder 


Humidity 
Air  Flow 


>  Camera 


(512)257-1462  ITWatchdogs 


Systems/Features/Memory 

CISCO 


GBiC's/Cobles/Parts 

Also  Available:  Extreme,  Adtran 

In  Stock  •  Fast  Delivery  •  No  Expedite  Charges 

COMSTAR,  INC. 

The  #-/  Network  Remarketer 


Fax  952*835*1927 


www.comstarinc.com 
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today  and 
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subscription 
for  FREE  - 

a  $129.00 
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Network  World  Events  and  Executive 
Forums  produces  educational  events 
and  executive  forums  worldwide, 
including  our  one  day  Technology  Tours, 
customized  on-site  training,  and  executive  forums  such  as  DEMO®, 
DEMOmobile®.  and  VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX 
Digest  newsletters.  For  complete  Information  on  our  current  seminar 
offerings,  call  us  at  800-643-4668  or  go  to  www.networkworld.com/events. 
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Who’s  hired  what  firms 

As  major  merger  processes  chug  along,  these  firms  are  among  those  finding  work. 


Deal 

Sprint/Nextel 

AT&T/SBC 

Verizon/MCI 

Announced 

Dec.  15, 2004 

Jan.  31, 2005 

March  2, 2005 

Value 

$36  billion 

$16  billion 

$8.5  billion 

Expected  to  close 

Third  quarter  2005 

First  half  of  2006 

2006 

Select  outside 
counsel 

Sprint  lawyers:  Cravath, 
Swaine  &  Moore  and  King 
&  Spalding. 

Nextel’s  lawyers:  Jones  Day 
and  Paul,  Weiss,  Rifkind, 
Wharton  &  Garrison. 

AT&T’s  lawyers: 
Wachtell,  Lipton, 

Rosen  &  Katz. 

SBC's  lawyers: 

Sullivan  &  Cromwell 
and  Crowell  &  Moring. 

Verizon's  lawyers:  Debevoise  &  Plimpton:  Kellogg,  Huber, 
Hansen,  Todd,  Evans  &  Figel:  Wilmer  Cutler  Pickering 
Hale  and  Dorr:  and  Howrey  Simon  Arnold  &  White. 

MCl's  lawyers:  Davis  Polk  &  Wardwell;  Gibson,  Dunn  & 
Crutcher;  Jenner  &  Block:  Steptoe  &  Johnson;  and 
Lawler,  Metzger  &  Milkman. 

Lawyer 

continued  from  page  1 

SBC/ AT&T,  Sprint/Nextel  and 
Verizon/MCI  mergers.They  are 
handling  the  enormous  amount 
of  corporate  and  regulatory  legal 
work  involved  with  getting  these 
mergers  approved  by  sharehold¬ 
ers,  as  well  as  state,  federal  and 
foreign  regulators. 

“For  regulatory  lawyers  that 
deal  with  telecom,  this  could  be 
a  good  year  because  they’ll  have 
lots  of  work,”  says  David  Katz,  a 
partner  at  Wachtell,  Lipton,  Rosen 
&  Katz  in  New  York  and  an 
adjunct  professor  at  New  York 
University  of  Law.“If  anyone  is 
going  to  have  new  AT&T  Range 
Rovers,  it’s  the  regulatory  lawyers 
or  maybe  the  investment 
bankers.” 

The  Verizon/MCI  deal  alone  is 
employing  lawyers  from  more 
than  a  dozen  firms  over  the  next 
year  to  get  the  merger  approved. 

“Every  time  there  is  merger 
and  acquisition  activity,  it  is  a 
busier  time  for  lawyers,”  Katz 
says.“When  you  have  mergers 
involving  regulated  industries  — 
be  it  airlines  or  telecom  —  in 
addition  to  getting  the  approvals 
from  shareholders,  you  have  to 
get  the  approvals  from  regula¬ 
tors.  Suddenly  that  makes  it  an 


even  busier  time  for  law  firms 
that  specialize  in  those  types  of 
approvals.” 

Katz,  whose  firm  represents 
AT&T,  says  the  carriers  involved 
in  these  mergers  will  need 
approval  from  state  telecom  com¬ 
missions,  as  well  as  U.S.  agencies 
such  as  the  FCC.the  Federal 
Trade  Commission  and  the 
Department  of  Justice.  Even  the 
European  Union  will  need  to 
approve  some  of  these  deals. 

“'rhe  more  consolidated  the 
industry  is  becoming,  the  more 
the  FCC  or  the  Department  of 
Justice  are  likely  to  take  a  closer 
look  at  the  mergers,”  Katz  says. 
'That  means  more  lawyers  will 
be  involved  because  each  firm 
has  its  specialty” 

Mow  much  each  of  the  carriers 


will  spend  on  legal  fees  this  year 
depends  on  how  much  resis¬ 
tance  the  deals  face  from  govern¬ 
ment  regulators,  legislators,  share¬ 
holders,  competitors  and  con¬ 
sumer  groups,  and  how  long  it 
takes  to  get  the  deals  approved. 
Experts  say  each  carrier  will 
spend  millions  of  dollars  on  out¬ 
side  counsel. 

“It  could  be  as  much  as  $20 
million,”  says  one  telecom  lawyer 
involved  in  a  big  merger,  who 
won’t  reveal  the  fees  his  clients 
are  paying.“It’s  a  function  of  how 
much  regulatory  work  is  involved 
and  how  contested  the  deals  are 
and  how  long  it  takes  to  get  gov¬ 
ernment  approval.” 


Yet  experts  say  these  legal  fees, 
along  with  other  costs  related  to 
the  mergers,  are  minor  compared 
with  the  cost  savings  that  the 
combined  carriers  hope  to  attain 
through  operational  efficiencies. 

“The  transaction  costs  are  car¬ 
ried  partly  by  the  shareholders 
and  partly  by  the  customers,  but 
it’s  questionable  to  what  extent 
you  can  pass  those  costs  along,” 
the  telecom  lawyer  says.“Reven- 
ues  in  this  sector  continue  to  be 
challenged.” 

Because  of  potential  conflicts 
of  interest,  the  legal  work  in¬ 
volved  in  these  mergers  is  spread 
across  many  firms  rather  than 
concentrated  in  a  few  specialty 
shops.The  firms  involved  in  these 
mergers  typically  represent  only 
one  carrier.  For  example,  the 


firms  that  represented  Qwest  in 
its  failed  bid  to  buy  MCI  can’t 
represent  any  other  party  in¬ 
volved  in  that  deal. 

Even  carriers  uninvolved  in 
these  mergers  are  hiring  lawyers 
to  plead  their  cases  to  regulators 
and  legislators  about  either  pro¬ 
hibiting  these  deals  or  applying 
certain  terms  and  conditions. 
More  than  two  dozen  carriers,  in¬ 
cluding  BT  Americas,  XO  Com¬ 
munications  and  Sawis  Com¬ 
munications,  have  filed  docu¬ 
ments  with  the  FCC  on  the 
Verizon/MCI  merger. 

“There  are  several  law  firms  rep¬ 
resenting  MCI  in  connection  with 
the  merger,  and  we  will  all  be 
keeping  busy”  says  Anthony 
Epstein,  a  partner  with  Steptoe  & 
Johnson.‘A  lot  of  other  compa¬ 
nies  have  come  out  against  the 
mergers  or  arguing  for  various 
conditions  on  the  mergers,  and 
that  generates  legal  work  as  well. 
But  that’s  short-term  work. Verizon 
and  MCI  hope  to  complete  the 
merger  by  the  end  of  2005.  Even 
if  it’s  in  early  2006,  that  work  is 
going  to  be  over/ 

Before  the  telecom  mergers 
were  announced,  corporate  law 
firms  such  as  Wachtell,  Lipton, 
Rosen  &  Katz  were  the  ones  gen¬ 
erating  most  of  the  fees.  Through¬ 
out  the  rest  of  the  year,  law  firms 
that  specialize  in  regulatory  issues 
such  as  Crowell  &  Moring  will  gar¬ 
ner  the  most  business. 

“For  the  mergers  and  acquisi- 
tions-type  firms,  these  telecom 
deals  will  not  cause  a  big  blip  in 
earnings,”  Katz  says.“But  on  the 
regulatory  side,  especially  for 
firms  involved  in  the  FCC  work, 
this  could  be  a  banner  year/ 

Michael  Kaplan,  a  partner  with 
Davis  Fblk  &  Wardwell,says  there 
is  more  legal  work  today  in  tele¬ 
com  than  there  has  been  for  sev¬ 
eral  years  because  of  these  merg¬ 


ers.  However,  Kaplan  says  the  hey¬ 
day  was  in  the  late  1990s,  after 
the  Telecommunications  Act  of 
1996  fostered  so  many  telecom 
start-ups. 

“Clearly,  a  big  deal  takes  up 
more  time  than  smaller  deals. 
MCI  has  taken  up  a  lot  of  interest 
and  created  a  lot  of  legal  activity/ 
says  Kaplan,  whose  law  firm  rep¬ 
resents  MCI.“But  when  you  look 
at  telecom  overall,  it’s  still  a  weak 
market  compared  to  several 
years  ago.” 

Experts  say  the  current  level  of 
telecom-related  legal  work  is  not 
unprecedented. 

“These  are  mergers  that  raise 
different  issues,  but  back  in  the 
late  1990s  we  had  Bell  Atlantic 
and  Nynex,  WorldCom  and 
Sprint, WorldCom  and  MCI,  Qwest 
and  US  West.There  were  a  num¬ 
ber  of  substantial  mergers  that 
overlapped  or  went  back-to- 
back,”  Epstein  says. 

So  far,  the  current  crop  of  tele¬ 
com  mergers  hasn’t  affected  the 
demand  for  experienced  telecom 
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lawyers,  but  it  has  helped  the  mar¬ 
ket  for  temporary  regulatory 
lawyers,  who  are  often  hired  to 
handle  the  document  review 
required  for  big  mergers.Temp- 
orary  lawyers  cost  $40  to  $60  per 
hour,  compared  with  $150  to  $300 
per  hour  for  mid-level  associates. 

“There  are  hundreds  of  tempo¬ 
rary  lawyers  being  placed  to  sup¬ 
port  these  telecom  deals/  says 
James  LaRosa,  president  of 
Juristaff  Legal  Staffing,  a  tempo¬ 
rary  agency  in  NewYork.“For 
deals  of  this  size,  you’re  working 
with  millions  of  documents  that 
have  to  be  reviewed  within  a  cer¬ 
tain  period  of  time.” 

While  2005  will  be  a  great 
year  for  telecom  lawyers,  the 
long-term  prospects  for  this 
specialty  are  murkier.  Once  all 
of  these  mergers  are  approved, 
it’s  unlikely  that  the  combined 
carriers  will  need  to  hire  so 
many  corporate,  regulatory  and 
legislative  firms.  So  some  will 
lose  major  clients  once  these 
deals  are  done. 

“Some  extremely  good 
lawyers  are  going  to  end  up  on 
the  short  end  of  the  stick 
because  they  did  a  lot  of  work 
for  clients  that  are  being 
acquired,”  Epstein  predicts.  ■ 


Got  great  ideas? 


■  Got  a  suggestion  for  a  Wider  Net 
story?  An  offbeat  network  industry- 
related  topic?  A  fascinating  person¬ 
ality  we  should  profile?  Contact 
Bob  Brown  with  your  ideas  at 
bbrown@nww.com. 
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**For  regulatory  lawyers  that  deal  with 
telecom,  this  could  be  a  good  year 
because  they’ll  have  lots  of  work.** 

David  Katz,  partner,  Wachtell,  Lipton,  Rosen  &  Katz 
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COME  AND  FEEL  THE  EXCITEMENT  LEVEL  RISE  TO  NEW  HEIGHTS. 
Join  today's  most  influential  technology  leaders  for  two  days 
of  ground-breaking  presentations  unveiling  the  innovative 
products  destined  to  change  the  marketplace.  Experience 
seventy  hand-picked  technologies  before  anyone  else.  DEMOfall 
2005  is  your  ticket  to  technology's  future  -  where  industry¬ 
shaping  ideas  turn  into  real  business  opportunities. 


DEMO  conferences  are  highly  regarded  as  the  can't  miss 
technology  events  of  the  year,  launching  exciting  new  products 
and  generating  millions  of  media  impressions.  Make  connections 
with  technology's  A-list  of  product  developers,  corporate 
executives,  venture  backers,  and  analysts.  Rub  elbows  with  top 
business  and  trade  journalists,  representing  outlets  such  as  CNN, 
the  Wall  Street  Journal,  Forbes,  New  York  Times,  USA  Today, 
Network  World,  and  InfoWorld.  This  single  event  is  guaranteed 
to  shape  your  future  with  new  information,  useful  contacts,  and 
a  renewed  energy. 


Register  now.  Save  $200. 

Sign  up  by  August  12  and  pay  $2,795. 
www.demo.com/F5A2 
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Mark  Gibbs 


I  ow  that  the  initial 
furor  over  the  MGM 
I  vs.  Grokster  Supreme 
Court  case  has  settled 
down  and  the  cries  from 
the  opposing  sides  have  faded  into  a  grumble,  we  can 
look  at  the  decision  a  little  more  dispassionately 
The  Supreme  Court’s  unanimous  decision  said  Grokster 
could  be  held  liable  for  copyright  infringements  commit¬ 
ted  by  users  of  their  peer-to-peer  file-sharing  software. 

Paul  McNamara,  who  inhabits  the  Net  Buzz  column  due 
south  of  here,  commented  a  couple  of  weeks  ago  that  “the 
court  quite  sensibly  zeroed  in  on  what  has  always  been 
the  crux  of  the  matter  —  illegal  business  practices  —  and 
not  technology  itself.  Non-infringing  uses  are  all  well  and 
good,  the  court  said,  but  such  capabilities  offer  no  defense 
against  lawsuits  if  accompanied  by  a  business  model  and 
marketing  that”  are  based  on  encouraging  piracy 
That  isn’t  exactly  accurate.  Having  a  business  plan  that  is 
based  on  others  violating  the  law  is  not  illegal.  Just  con¬ 
sider  radar  detector  manufacturers.  Many  of  them  specifi¬ 
cally  say  in  their  ads  that  you  can  avoid  speed  traps  and 
beat  tickets.  It  turns  out  that  the  business  of  manufacturing 
and  marketing  radar  detectors  isn’t  illegal  even  though  in 
many  states  the  actual  use  of  radar  detectors  is. 

I  am  completely  opposed  to  the  ruling  because  its 
effects  will  be  far  greater  than  most  people  realize. To 


A  new  theory  with  consequences 

N 


begin  with,  whether  or  not  users  are  illegally  swapping 
copyright  content,  the  issue  that  Grokster’s  peer-to-peer 
technology  has  “substantial  non-infringing  uses”  (the  cor¬ 
nerstone  of  the  decision  in  the  Sony  Betamax  case) 
would  seem  to  have  been  relegated  to  a  minor  concern. 
This  is  a  bad  thing,  as  it  expands  the  scope  of  possible  liti¬ 
gation  to  involve  any  technology  that  can  transfer  and  or 
store  copyright  content. 

The  Electronic  Frontier  Foundation  (EFF)  stated:“This 
decision  relies  on  a  new  theory  of  copyright  liability  that 
measures  whether  manufacturers  created  their  wares  with 
the  ‘intent’  of  inducing  consumers  to  infringe.  It  means 
that  inventors  and  entrepreneurs  will  not  only  bear  the 
costs  of  bringing  new  products  to  market,  but  also  the 
costs  of  lawsuits  if  consumers  start  using  their  products 
for  illegal  purposes.” 

That  the  Justices  should  throw  in  a  new  theory  of  copy¬ 
right  liability  was  a  big  surprise.This  theory  was  based  on 
the  claim  that  Grokster  was  “aware  that  users  employ 
[Grokster’s]  software  primarily  to  download  copyrighted 
files.” 

But  are  the  users  really  illegally  swapping  that  much 
copyright  content  so  that  it  can  be  claimed  to  be  the  pri¬ 
mary  use?  According  to  the  decision, “Discovery  revealed 
that  billions  of  files  are  shared  across  peer-to-peer  net¬ 
works  each  month”  but  went  on  to  note  that  this  goes  on 
“although  the  decentralized  networks  do  not  reveal  which 


files  are  copied,  and  when.” 

So  the  assertion  must  have  been  based  on  anecdotal 
reports  rather  than  fact.The  decision  says  later  on  that  “the 
probable  scope  of  copyright  infringement  is  staggering” — 
pretty  amazing  that  “probable”  was  good  enough. 

Anyway  many  of  those  cheering  the  decision  say  it  will 
have  no  effect  on  businesses  and  technologies  that  intend 
to  play  the  game.  Not  so.  As  the  EFF  pointed  out,  the  issue 
of  intent  will  become  a  big  problem  for  companies  devel¬ 
oping  products  that  could  be  used  for  infringing  copyright. 

Even  before  the  decision,  stories  appeared  in  Business 
Week  reporting  a  “chilling  effect”  of  the  case.TimeTrax,a 
company  that  makes  a  system  to  copy  satellite-radio  pro¬ 
gramming  onto  PCs  and  MP3  players,  was  already  seeing 
problems  raising  financing  in  March.  Its  CEO  was  reported 
as  saying, “We  have  been  put  on  hold  by  quite  a  few  peo¬ 
ple.  ...  If  the  Grokster  case  did  not  exist,  our  round  of 
financing  would  be  closed.” 

Anyone  who  thinks  that  this  decision  and  its  new  theory 
will  not  have  a  negative  affect  far  beyond  the  issues  it 
sought  to  address  is  simply  kidding  himself. The  conse¬ 
quences  will  be  anything  but  theoretical. 

Send  your  hypothesis  to  backspin@gibbs.com.  And  check 
Gearblog  www.networkworld.com/weblogs/gearblog  for 
links  for  this  column.  Many  thanks  to  Fred  von  Lehmann  of 
the  EFF  for  his  input. 
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Paul  McNamara 


About  those  polls . . . 

Online  opinion  polls  suck. 

They  suck  for  one  simple  reason:The  respondents  are 
self-selected,  so  there’s  no  way  to  know  how  the  results 
might  compare  with  a  statistically  valid  survey  of  ran¬ 
domly  chosen  people. 

So  the  question  before  us  today  is  not  whether  online  opinion  polls  suck  or  notiThey 
do.The  question  we're  here  to  address  is  whether  such  polls  are  literally  worthless  . . . 
or  just  practically  worthless. 

That  thin  distinction  matters,  at  least  to  me,  because  of  something  written  here  June 
20.That  column  cited  an  online  survey  —  despite  the  fact  that  they  suck  —  to  help  but¬ 
tress  my  contention  that  companies  should  be  required  by  law  to  report  extortion 
attempts  against  their  networks.  Conducted  on  ourWeb  site,  the  survey  tallied  51 
votes  in  favor  of  a  legal  mandate  and  only  three  opposed.  After  making  the  requisite 
apologies  for  the  suckiness  of  online  surveys,  I  wrote:  "Self-selected  sample  aside, 
that’s  an  unmistakable  consensus." 

That  statement  prompted  this  reasonable  complaint  from  a  reader,  Ross  McKenzie: 
"An  exceedingly  small,  self-selected  sample  from  the  Web  is  an  unmistakable  consen¬ 
sus?  I  would  say  that  any  and  all  conclusions  from  faulty  data  are  faulty,  notwithstand¬ 
ing  how  good  a  story  it  makes.” 

I  did  mention  that  online  polls  suck,  right?  But  was  even  this  51-to-3  result  literally 
worthless,  as  the  reader  suggests? 

OK,  I’m  trying  to  wiggle  off  the  hook  here. Toward  that  end,  I  enlisted  the  advice 
of  a  pair  of  academics:  Adam  Berinsky,  an  associate  professor  of  political  sci¬ 
ence  at  MIT,  and  Jordan  Ellenberg,  an  assistant  professor  of  mathematics  at 
Princeton.  (It’s  another  exceedingly  small  sample,  but  at  least  they  didn't  select 

themselves.) 

Tm  afraid  that  I  can’t  give  you  good  news,”  Berinsky  told  me.  "Without  some  adjust¬ 
ment  for  the  nonrandom  nature  of  your  sample,  you  can’t  make  any  inferences  about 
public  opinion.  Some  companies,  such  as  Harris  Interactive  and  Polimetrix,  are  working 
on  -ways  to  adjust  self-selected  interviews,  but  the  jury  is  still  out.” 


“In  your  case,  I  would  need  to  know  more,  but  if  you  simply  asked  people  to  take  an 
online  poll,  I’m  afraid  that  your  critic  is  correct.” 

Case  closed  . . .  and  the  columnist  can  forget  about  getting  into  MIT,  right? 

Maybe,  but  Princeton's  not  a  bad  backup,  and  they  seem  to  grade  journalists  more 
generously  there. 

“The  only  reason  to  use  weak  data  like  that  is  if  stronger  data  is  not  available," 
Ellenberg  first  cautioned  me.  “It  would  be  better  to  e-mail  10  people  you  consider 
trustworthy  on  this  subject  and  see  how  many  say  ’yes,'  than  to  use  an  online  survey  of 
50  people.  But  I  think  that  as  a  journalist  you  are  OK  as  long  as  you  make  clear  what 
the  methodology  is. 

“You  should  ...  say  that  in  your  opinion  this  [51-3  result]  means  something.  I  would 
tend  to  agree  that  it  means  something  —  but  when  I  say  that,  I  am  speaking  just  as  a 
person,  not  a  mathematician.  Because  the  question  really  isn’t  a  mathematical  one." 

That  sounds  like  a  gentleman's  C  . . .  and  I’ll  take  it. 

Here's  why  news  organizations  of  all  kinds  sprinkle  theirWeb  sites  with  self-selected 
opinion  polls,  despite  the  fact  that  even  journalists  understand  that  such  polls  are 
unreliable:  Readers  enjoy  them.They’re  fodder  for  discussion,  and,  as  an  editor  here 
put  it  not  long  ago,  “People  just  like  to  click  on  buttons.” 

Here's  why  1  used  this  particular  poll  result:  51  to  3  is  51  to  3,  maybe  not  to  a  mathe¬ 
matician,  but  to  most  everyone  else.That’s  94%  to  6%. 

And  it  turns  out  that  even  a  mathematician  can  be  tempted  by  51  to  3. 1  asked  Mil’s 
Berinsky  if  he’d  take  into  consideration  the  51  to  3  data  point  if  we  were  to  conduct  a 
random  survey  on  the  same  question  and  then  bet  on  the  outcome. 

“Well,  if  I  were  to  bet,  I  might  go  with  the  94%  side,  but  the  problem  is  that  you  can 
only  say  that  94%  of  the  people  who  took  the  survey  supported  your  point  of  view,” 
Berinsky  says.  "We  can’t  draw  any  inferences  from  self-selected  polls,  no  matter  how 
lopsided  the  split.” 

The  mathematician  wasn't  budging,  but  we  see  where  the  man  was  going  to  put  his 
money. 

Want  your  own  grade?  The  address  is  buzz@nww.com. 
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DENSITY  •  AFFORDABILITY  •  PERFORMANCE  •  CONVERGENCE  •  SECURITY 


With  the  performance  you  expect  from 
Foundry,  now  comes  the  price, 
flexibility,  and  density  breakthrough  you  ’  ve 
been  waiting  for.  Foundry  ’  s  integrated  Layer 
2/3  switch  delivers  an  extensive  feature  set, 
integrated  PoE,  full  layer  3  routing  (including 
OSPF  and  BGP4)  and  wire  speed  10  GE 
performance  for  Enterprise  and  Service 
Provider  environments. 

GET  SECURED.  GET  CONVERGED. 


FASTlRON  SUPERX 

•  Edge  &  Wiring  Closet  Switch 

•  Extensive  QOS  and  Security 
Features 

•  Ease  of  Upgrade  to  POE 

•  1D-GE  Aggregation  and  Core  Switch 

•  Lowest  Price  per  Port  than  Other 
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•  Enterprise  and  Metro  L3  backbone 
Switch 

•  High-Performance  Layer  3  Routing 

•  Up  to  1  Million  Routes  and  20  BGP 
PEERS 


High  Density 

•  Up  to  204  Ports  GE-SFP  Mini-GBIC 

•  Up  to  204  Ports  10/100/1000 

•  Up  to  192  Ports  10/100/1000  PoE 

•  Up  to  16  Ports  10-GE 

High  Performance 

•  Wire-Speed  Every  Port 

•  Up  to  304  Mpps  Throughput 

•  510-Gbps  Switching  Capacity 

Convergence  Ready 

•  Standards-Based  Power-over-Ethemet 

•  Purpose-Built  for  Data,  Voice  &  Video 

•  Integrated  Wired  &  Wireless  Support 

IRONSHIELD  SECURITY 

•  Wire-Speed  ACLs  &  Rate  Limiting 

•  Secure  Shell,  Secure  Copy,  SNMPv3 

•  DoS  Attack  Protection 

•  802.  lx  &  MAC  Authentication 
with  Dynamic  Policy 
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The  Power  of  Performance™ 


For  more  information  please  call: 

US/CANADA  1  BBS  TURBO  LAN , 

INTERNATIONAL  +1  408.586.1700 

OR  VISIT  OUR  WEBSITE  AT  WWW.FOUNDRVNET.COM/SX 

Foundry  Networks,  Inc.  is  a  leading  provider  of  high-performance  Enterprise  and  Service  Provider  switching, 
routing  and  Web  traffic  management  solutions  including  Layer  2/3  LAN  switches,  Layer  3  Backbone  switches. 
Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 

©  2005  Foundry  Networks,  Inc.  All  Rights  Reserved.  All  others  are  trademarks  of  their  respective  owners. 
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